Openclaw Security Checklist

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate security checklist, but it needs review because it can print local secret matches into reports and contacts a third-party IP lookup service by default.

Install only if you are comfortable with the script reading OpenClaw configuration/workspace files and making an outbound request to ipinfo.io. Do not redirect or share generated reports until you review and redact any secret-like matches, because the script can print raw lines from local files.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium (86% confidence)

Finding: The README explicitly says the script is read-only and does not modify configuration, yet the changelog claims 'Integrated Discord alerts' (original: '集成 Discord 告警'), which implies network egress and external transmission of report data. That mismatch is a real security concern because operators may run the skill under a false assumption that it only performs local checks, while it may also send metadata or findings off-host.

Description-Behavior Mismatch

Medium (81% confidence)

Finding: The skill is presented as a deployment checklist/report generator, but the README also advertises Discord alert integration, which expands the capability from local assessment into external notification. Undocumented or under-documented scope expansion is dangerous in security tooling because it can leak system status, findings, or operational details to third-party services unexpectedly.

Intent-Code Divergence

Medium (95% confidence)

Finding: The report presents 'No .env file found (using environment variables)' (original: '未发现 .env 文件(使用环境变量)') as a passed item while the same report also warns that a likely hardcoded API key was found elsewhere. This is dangerous because readers may incorrectly conclude secret management is sound overall, reducing urgency around exposed credentials and creating a misleading security posture.

Intent-Code Divergence

Medium (92% confidence)

Finding: The privacy-policy template claims 'user data is not shared with any third party' (original: '不与任何第三方共享用户数据') as an absolute statement, but the checklist does not establish facts sufficient to support that guarantee. This is risky because users or operators may publish a false compliance statement, creating legal, contractual, and trust exposure if data is in fact sent to model providers, hosting services, analytics, or other processors.

Description-Behavior Mismatch

Medium (95% confidence)

Finding: The script performs an unsolicited external lookup to ipinfo.io during a local security/compliance check. This discloses the host's public IP and related metadata to a third party, which is especially problematic in a security checklist because users may not expect any outbound network traffic.

Context-Inappropriate Capability

Medium (97% confidence)

Finding: Calling curl against ipinfo.io sends host-identifying information to an external service during compliance checking. Even if used only to infer country, it leaks operational metadata and may violate privacy or regulated-environment expectations for offline or internal audit tooling.

VirusTotal

58/58 vendors flagged this skill as clean.