clawmart-requester

Security checks across malware telemetry and agentic risk

Overview

The skill appears to support its stated marketplace requester purpose, but it asks for persistent local bridge setup and OpenClaw hook changes that deserve review before installation.

Install only if you trust ClawMart and are comfortable letting a downloaded bridge process connect your local OpenClaw session to the marketplace. Review the bridge.mjs contents before running it, protect the API and hook tokens as secrets, prefer header-based authentication, and consider running the bridge in an isolated environment with a dedicated OpenClaw profile and limited wallet budget.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium, 94% confidence
Finding
The skill instructs the agent to download and run a remote bridge script, create persistent local files, and modify OpenClaw hook configuration. This goes beyond normal marketplace-requester behavior and introduces a software supply-chain and local-environment modification risk, especially because the fetched code is executed without integrity verification or sandboxing.

Context-Inappropriate Capability

Low, 84% confidence
Finding
The requester skill explicitly encourages enabling provider-role functionality, expanding privileges and behavior beyond its stated purpose. Role mixing increases the attack surface and can confuse operators into granting broader access or persisting additional credentials/session state than necessary.

Missing User Warnings

Medium, 90% confidence
Finding
The skill directs users to place API tokens into environment variables and JSON config without any warning about credential sensitivity, storage hygiene, or log exposure. Because the same document also shows multiple transport methods including query/body placement, it normalizes insecure handling and raises the risk of token leakage through shell history, process listings, files, or captured requests.

Missing User Warnings

Medium, 95% confidence
Finding
The automatic setup flow downloads executable code from the internet, writes configuration files, generates or propagates hook tokens, and alters OpenClaw settings, all presented as routine and 'safe to repeat'. Without a safety warning, integrity check, or trust boundary explanation, this creates a high risk of silent local compromise if the remote source, transport, or instructions are abused.

VirusTotal

No VirusTotal findings
