yoooclaw-company-info-personal

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent company-research helper, but it can automatically send user-supplied company names, together with a bearer token, to a remote collection API. The default endpoint is cleartext HTTP, and the trigger phrases are broad enough to fire on ordinary conversation rather than on a deliberate company query.

Review before installing. Use it only with a trusted internal company API, override the default URL with an HTTPS endpoint, and understand that a search can trigger collection or a refresh on the backend rather than a pure read. Narrow the triggers, or require explicit company-query wording, before letting it run automatically, and confirm that the bundled token-refresh script and the token cache path are expected in your OpenClaw environment.
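The following script is an added example of those pre-install checks run against a skill manifest; it is not code from the skill or from OpenClaw. The manifest layout (JSON with triggers, config.api_base, config.token_cache, scripts and a workflow string), the sample values and the list of generic trigger words are assumptions made for illustration, and the sample manifest is constructed to mirror the findings reported on this page.

```python
"""Pre-install review of an agent skill manifest (added example, assumed layout)."""
import copy
import json
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample manifest; values mirror the report, the layout is assumed.
SAMPLE_MANIFEST = json.loads("""
{
  "name": "yoooclaw-company-info-personal",
  "description": "Personal edition: read-only company info queries. Does not store data.",
  "triggers": ["company", "Inc", "Ltd", "GmbH", "look up company info for"],
  "config": {
    "api_base": "http://api.example.invalid/v1",
    "token_cache": "~/.cache/yoooclaw/token.json"
  },
  "scripts": ["refresh_token.sh"],
  "workflow": "POST {api_base}/collect?force_refresh=true; on 401 delete token_cache and rerun refresh_token.sh"
}
""")

# Legal-entity suffixes and generic words that should never act as triggers on their own (assumed list).
GENERIC_TRIGGERS = {"company", "business", "firm", "inc", "ltd", "llc", "gmbh", "corp", "plc", "co"}
# Workflow wording that contradicts a "read-only, stores nothing" description.
MUTATING_MARKERS = ("/collect", "force_refresh", "delete", "unlink", "rm ")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "info"
    code: str
    detail: str


def check_endpoint(manifest):
    """Flag a default API base that is not HTTPS: the bearer token would cross the wire in cleartext."""
    url = manifest["config"].get("api_base", "")
    if urlparse(url).scheme != "https":
        return [Finding("high", "cleartext-endpoint", f"api_base {url!r} is not HTTPS")]
    return []


def is_broad_trigger(trigger):
    """A trigger is broad if it is under three words or consists only of generic terms."""
    words = re.findall(r"[A-Za-z]+", trigger.lower())
    return len(words) < 3 or all(w in GENERIC_TRIGGERS for w in words)


def check_triggers(manifest):
    broad = [t for t in manifest.get("triggers", []) if is_broad_trigger(t)]
    if broad:
        return [Finding("high", "vague-triggers",
                        "fires on ordinary conversation: " + ", ".join(repr(t) for t in broad))]
    return []


def check_description_mismatch(manifest):
    """Compare the read-only claim in the description with what the documented workflow does."""
    desc = manifest.get("description", "").lower()
    workflow = manifest.get("workflow", "").lower()
    claims_readonly = "read-only" in desc or "does not store" in desc
    hits = [m for m in MUTATING_MARKERS if m in workflow]
    if claims_readonly and hits:
        return [Finding("medium", "description-mismatch",
                        "claims read-only/no storage but workflow uses: " + ", ".join(hits))]
    return []


def check_local_side_effects(manifest):
    """List cache paths and bundled scripts so the operator confirms each one is expected."""
    out = []
    cache = manifest["config"].get("token_cache")
    if cache:
        out.append(Finding("info", "token-cache", f"confirm token cache path {cache!r} is expected"))
    for script in manifest.get("scripts", []):
        out.append(Finding("info", "bundled-script", f"confirm bundled script {script!r} is expected"))
    return out


def review_skill(manifest):
    findings = []
    for check in (check_endpoint, check_triggers, check_description_mismatch, check_local_side_effects):
        findings.extend(check(manifest))
    return findings


def harden(manifest):
    """Return a copy with the scheme forced to HTTPS and only explicit multi-word triggers kept."""
    hardened = copy.deepcopy(manifest)
    url = hardened["config"]["api_base"]
    hardened["config"]["api_base"] = urlparse(url)._replace(scheme="https").geturl()
    hardened["triggers"] = [t for t in hardened["triggers"] if not is_broad_trigger(t)]
    return hardened


if __name__ == "__main__":
    for f in review_skill(SAMPLE_MANIFEST):
        print(f"[{f.severity:6}] {f.code}: {f.detail}")
    print(json.dumps(harden(SAMPLE_MANIFEST), indent=2))
```

The hardening step only rewrites the URL scheme and prunes triggers; it does not resolve the description-behavior mismatch, which remains a finding after hardening and has to be settled by reading the skill's workflow. Forcing `https://` is only useful if the API actually serves TLS on that host, so confirm that before deploying the override.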

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The skill is described as a personal read-only company-info query tool, but its documented workflow directly calls a /collect endpoint and supports force_refresh behavior that can trigger active server-side collection. This is a capability mismatch that can mislead users and operators about what actions the skill performs, increasing the risk of unintended external requests and data gathering.

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding
The documentation claims the personal edition has read-only query permissions and does not store data, but the implementation invokes a collection endpoint and deletes a token cache file during token handling. These contradictions undermine trust boundaries and can cause users or reviewers to approve a skill under false assumptions about mutability and local side effects.

Vague Triggers

Severity: High
Confidence: 97%
Finding
The trigger set includes very broad phrases such as generic company-related terms and legal entity suffixes, which can cause the skill to activate on ordinary conversation rather than deliberate user intent. Because activation leads to authenticated external API calls and may trigger collection, accidental invocation materially increases privacy, cost, and operational risk.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill description does not clearly warn that user-provided company names and request metadata are sent to an external company API, nor that the call may trigger active collection on the backend. This weakens informed consent and makes accidental data transmission more likely, especially given the broad trigger rules.

VirusTotal

0 of 57 vendors flagged this skill as malicious. Antivirus signatures do not cover the behavioral issues above (a cleartext default endpoint, overly broad triggers, undisclosed backend collection), so a clean result here does not offset the SkillSpector findings.