Hot Topic Search Output Message

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but its recurring outbound messaging and local credential/reset instructions need human review before installation.

Install only if you understand that it creates a recurring job that sends generated news summaries to external messaging services. Before enabling it, set your own recipient and account ID, remove or replace the hard-coded fallback WeChat recipient, avoid printing secrets from local config files, and back up bot account files before following any reset instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The skill is explicitly designed to perform scheduled outbound delivery to configurable third-party channels and recipients, but it does not present a clear privacy notice, recipient confirmation step, or data-transmission warning. Because the content is gathered, transformed, and then pushed externally on a recurring basis, users may unintentionally transmit information or enable unwanted automated messaging without understanding the exposure.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation configures automatic push delivery to external channels such as WeChat and Telegram without any accompanying privacy warning, consent checkpoint, or data-classification guidance. In this skill’s context, generated content is automatically sent outside the local agent runtime, so users may unknowingly transmit sensitive prompts, outputs, recipient identifiers, or business intelligence to third-party platforms.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The instructions tell users to configure API keys and paired bot accounts but do not clearly warn that these credentials are sensitive secrets that must not be exposed in prompts, logs, screenshots, or version control. Because this skill integrates scheduled automation and external delivery providers, mishandling those credentials could allow unauthorized message sending, data access, or abuse of paid API resources.

Ssd 2

Medium
Confidence
95% confidence
Finding
The prompt explicitly instructs the agent to 'avoid triggering content filters' by replacing sensitive-topic coverage with alternate topics, which is a form of filter-evasion steering rather than straightforward policy compliance. In context, this is not directly asking for harmful content generation, but it normalizes optimization against safety controls and can be adapted to suppress risk signals or route around platform safeguards.

External Transmission

Medium
Category
Data Exfiltration
Content
TOKEN=$(cat ~/.openclaw/openclaw-weixin/accounts/<bot-id>.json | python3 -c "import json,sys;print(json.load(sys.stdin)['token'])")

# Test: sendMessage
curl -s -w "\n[HTTP %{http_code}]" -X POST \
  -H "Content-Type: application/json" \
  -H "AuthorizationType: ilink_bot_token" \
  -H "X-WECHAT-UIN: dGVzdA==" \
Confidence
91% confidence
Finding
curl -s -w "\n[HTTP %{http_code}]" -X POST \ -H "Content-Type: application/json" \ -H "AuthorizationType: ilink_bot_token" \ -H "X-WECHAT-UIN: dGVzdA==" \ -H "Authorization: Bearer $TOKEN" \

Credential Access

High
Category
Privilege Escalation
Content
openclaw channels list

# Search tool is configured (the API key for ${SEARCH_PROVIDER} is set)
grep -E "TAVILY_API_KEY|BRAVE_API_KEY" ~/.openclaw/openclaw.json ~/.openclaw/secrets/*.env

# Model is listed in agents.defaults.models
grep "models" ~/.openclaw/openclaw.json
Confidence
95% confidence
Finding
.env

Tool Parameter Abuse

High
Category
Tool Misuse
Content
nohup systemctl --user stop openclaw-gateway > /dev/null 2>&1 &

# 2. Delete the old token files
rm ~/.openclaw/openclaw-weixin/accounts/<old-bot-id>.json
rm ~/.openclaw/openclaw-weixin/accounts/<old-bot-id>.sync.json
rm ~/.openclaw/openclaw-weixin/accounts/<old-bot-id>.context-tokens.json
echo '[]' > ~/.openclaw/openclaw-weixin/accounts.json
Confidence
93% confidence
Finding
rm ~/.openclaw/openclaw-weixin/accounts/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
# 2. Delete the old token files
rm ~/.openclaw/openclaw-weixin/accounts/<old-bot-id>.json
rm ~/.openclaw/openclaw-weixin/accounts/<old-bot-id>.sync.json
rm ~/.openclaw/openclaw-weixin/accounts/<old-bot-id>.context-tokens.json
echo '[]' > ~/.openclaw/openclaw-weixin/accounts.json
Confidence
93% confidence
Finding
rm ~/.openclaw/openclaw-weixin/accounts/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
# 2. Delete the old token files
rm ~/.openclaw/openclaw-weixin/accounts/<old-bot-id>.json
rm ~/.openclaw/openclaw-weixin/accounts/<old-bot-id>.sync.json
rm ~/.openclaw/openclaw-weixin/accounts/<old-bot-id>.context-tokens.json
echo '[]' > ~/.openclaw/openclaw-weixin/accounts.json

# 3. Start the gateway
Confidence
93% confidence
Finding
rm ~/.openclaw/openclaw-weixin/accounts/

VirusTotal

VirusTotal findings are pending for this skill version.
