ClawHub

windylam

Security checks across malware telemetry and agentic risk

Overview

This skill handles sensitive ride-receipt data, but its Gmail access, local storage, local model processing, and anonymized export are disclosed and aligned with its stated purpose.

Install only if you are comfortable letting gog read ride receipt emails from the selected Gmail account and saving raw receipt content locally. Use a trusted local OpenClaw Gateway, review or delete data/ride-insights files when finished, and treat even the anonymized CSV as potentially sensitive location data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly performs privileged actions—reads environment variables, accesses local files, runs shell/Python commands, and makes HTTP requests to a Gateway—but does not declare corresponding permissions. That mismatch weakens review and enforcement, because operators may approve or run the skill without understanding that it handles sensitive Gmail-derived financial/location data and transmits raw receipt content over a network interface, even if intended to be loopback-only.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The script transmits full ride receipt email JSON, potentially including sensitive route, payment, and identity data, to a model-processing service without an explicit user-facing disclosure or consent prompt at the point of transfer. Even though the host is restricted to localhost, this still expands the trust boundary to another process/service on the machine, which may log, persist, or expose the data unexpectedly.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal