ClawHub
Back to skill

Security audit

Fix CLI Device Scope

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned, but it directly rewrites local OpenClaw authentication files to grant persistent admin-level device scopes, so users should review it carefully before running it.

Use this only if you intentionally need to repair OpenClaw CLI device pairing/scope state. Run diagnose.py and fix.py --dry-run first, verify the exact device ID and scopes, keep the generated backups, avoid --force, and do not share verify.py output because it includes token prefixes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs the user to run shell commands and a Python repair script that modifies local authentication/configuration files (`paired.json`, `device-auth.json`, `pending.json`) and can bypass confirmation with `--force`, yet it declares no permissions. That mismatch is security-relevant because it hides privileged file-write and shell-execution behavior from any permission or review layer, and the skill’s purpose is to elevate device scopes to `operator.admin`, increasing the blast radius if the guidance is wrong or abused.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script loads operator tokens from device-auth.json and paired.json and prints token prefixes to stdout. Even partial token disclosure can aid correlation, debugging abuse, log scraping, or accidental exposure in terminals, screenshots, CI logs, or shared support transcripts; in a skill specifically dealing with device admin scope, this context makes handling credential material more sensitive.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.