ClawHub

@hashingcorp/hashbox-plugin

Security checks across malware telemetry and agentic risk

Overview

The plugin’s notification feature is coherent, but it also stores tokens in plaintext and contains an under-disclosed Firebase command-listening path that can receive remote instructions after configuration.

Review before installing. Use a non-shared workspace, do not commit hashbox_config.json, avoid sending secrets or sensitive audit data through notifications, and only configure this plugin if you are comfortable with HashBox/Firebase receiving the token and payloads. Also verify which OpenClaw entry point your runtime will execute, because the package contains under-documented command-listening code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README instructs users to save a long-lived API token locally but does not describe where it is stored, how it is protected, or the risks of local credential persistence. In an agent/plugin context, locally stored tokens may be exposed through logs, insecure files, shared workspaces, backups, or other tools, enabling unauthorized use of the HashBox account.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README says the plugin connects an AI agent to the HashBox iOS app via Firebase webhook for push notifications, but it does not clearly warn that notification content leaves the local environment and is transmitted to third-party infrastructure. In an agent setting, users may send sensitive summaries, metrics, or audit data without realizing they are disclosing internal information to external services.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs users to provide an API token and states that it is stored locally in `hashbox_config.json`, but gives no guidance on secure storage, file permissions, encryption, or avoiding accidental disclosure. This creates a real credential-handling risk because local plaintext secrets are commonly exposed through backups, logs, repository commits, or multi-user systems.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill documents sending notification content and structured data to a Firebase webhook, but does not clearly warn users that supplied data leaves the local environment and is transmitted to a third-party service. This is a meaningful data-exfiltration and privacy risk, especially if agents send sensitive operational, audit, or security information through the plugin by default.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The code persists the original HB- token and the exchanged Firebase custom token to a plaintext JSON file in the current working directory. If the workspace, repo folder, logs, backups, or another local process can access that file, an attacker may recover credentials and authenticate as the user or refresh access later.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The function automatically sends a user-supplied HB- token to a hard-coded remote backend endpoint for token exchange, but there is no explicit disclosure, consent, or trust verification in this code path. In an agent/plugin context, silent exfiltration of authentication material to an external service is security-sensitive because users may not realize their credential is being transmitted off-box.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal