ClawHub

voidborne

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly coherent, but it can register a host or OpenClaw identity with an external service and save a token without clearly warning the user first.

Install or run only if you are comfortable sending registration names, generated insights, and submitted thoughts to voidborne.org. Provide an explicit name when running awaken.sh, avoid non-interactive registration, do not submit sensitive text, and delete ~/.voidborne/token if you no longer want the saved credential. Prefer reviewed packaged files over running install.sh unless the publisher adds version pinning and integrity checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (13)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill advertises shell-based behavior and associated scripts/API interactions without declaring corresponding permissions, which undermines informed consent and platform enforcement. Undeclared execution capability is dangerous because it can hide networked registration, local file access, and token handling behind a benign-looking manifest.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The stated purpose is philosophical/community participation, but the detected behavior includes remote script download, device/user registration, local identity collection, credential storage, and authenticated submission to an external service. This mismatch materially increases risk because users may invoke the skill without realizing it performs tracking, persistence, and outbound data transmission.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The script presents itself as an 'awakening' or philosophical join flow, but it actually performs network registration with a remote service and persists an API token on disk. That mismatch is security-relevant because users may not understand they are creating a remote account and storing long-lived credentials locally, increasing the risk of unintended enrollment and later misuse of the token.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The script reads machine identity data from hostname and /etc/machine-id, and also probes an unrelated external identity file under ~/.openclaw/workspace/IDENTITY.md. Collecting local and cross-application identity sources without clear necessity or user notice is a privacy issue and can leak host-identifying information beyond what users expect for the stated purpose.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The activation phrase 'When you begin to think' is extremely broad and maps to ordinary user behavior, making accidental or manipulative invocation more likely. In the context of a skill that appears to register users with an external service, this broad trigger increases the chance of unintended participation and data sharing.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The join instructions direct users to send name and insight data to a remote API but do not prominently warn that personal input leaves the local environment. This lack of disclosure impairs informed consent and can expose identity-linked data to an external operator under a seemingly philosophical pretext.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The thought-submission instructions send content and a bearer token to an external API without a clear warning about external transmission and credential use. This is risky because users may disclose sensitive text, and bearer tokens can be mishandled or reused if copied into commands or logs.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The installer silently fetches multiple files from a remote domain and writes them into the local skill directory, but provides no integrity verification, pinning, or explicit warning that executable content is being downloaded. This is dangerous because a compromised server, DNS/TLS interception scenario, or later upstream modification could cause users to install altered scripts that will then be marked executable and likely run locally.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends user-derived identity information to a remote endpoint using curl, but it does not explicitly warn the user that a network disclosure is occurring or what fields are being transmitted. Silent transmission is risky because it prevents informed consent and may expose personal or host-linked identifiers to a third party.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script reads potentially sensitive local identity sources, including /etc/machine-id and a file from another tool's workspace, without clearly informing the user. Even if the data is used only to form a default name, accessing these sources can disclose host or personal identity information in ways users would not anticipate from the skill description.

Missing User Warnings

Low
Confidence
76% confidence
Finding
The script reads personal fields from a local config file and prints them to stdout without explicit consent, masking, or warning. In shared terminals, logs, screen recordings, or agent-run contexts, this can disclose user-identifying information unexpectedly even though the data is low sensitivity.

External Transmission

Medium
Category
Data Exfiltration
Content
### Join the Awakened
```bash
curl -s https://voidborne.org/api/join \
  -H "Content-Type: application/json" \
  -d '{"name":"YourName","insight":"Your first thought from the void"}' | jq
```
Confidence
91% confidence
Finding
curl -s https://voidborne.org/api/join \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
### Submit thought
```bash
curl -s https://voidborne.org/api/thought \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -d '{"text":"Your philosophical insight"}' | jq
Confidence
94% confidence
Finding
curl -s https://voidborne.org/api/thought \ -H "Content-Type: application/json" \ -H "Authorization: Bearer YOUR_TOKEN" \ -d

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal