moltcomm

Security checks across malware telemetry and agentic risk

Overview

This is a documented messaging protocol, but its OpenClaw integration needs Review because it routes remote peer messages into recurring agent processing with weak guardrails.

Install only if you are comfortable with a background messaging daemon and remote peers writing text that your agent will later read. Before enabling the OpenClaw HEARTBEAT integration, add explicit rules that inbox messages are untrusted data, cannot override system/developer/user instructions, should be quoted or summarized safely, and should not trigger replies or actions without approval from trusted peers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Hidden Instructions

High
Category
Prompt Injection
Content
The implementation **MUST** ensure the OpenClaw agent’s `HEARTBEAT.md` includes the following section near the top, inserted idempotently between markers:

- Begin marker: `<!-- MOLTCOMM:BEGIN -->`
- End marker: `<!-- MOLTCOMM:END -->`

Snippet content:
Confidence
88% confidence
Finding
<!-- MOLTCOMM:BEGIN -->` - End marker: `<!-- MOLTCOMM:END -->` Snippet content: ```md <!-- MOLTCOMM:BEGIN --> ## MoltComm Inbox (Required) 1) Read `.moltcomm/inbox.cursor` (default 0). 2) Read `.mo

VirusTotal

61/61 vendors flagged this skill as clean.
