ClawHub

Labradoc Cli

Security checks across malware telemetry and agentic risk

Overview

The skill matches its stated Labradoc CLI purpose, but it exposes powerful account and document operations with weak credential-safety guardrails.

Install only if you specifically need OpenClaw to operate your Labradoc account. Treat API tokens, OAuth codes, PKCE verifiers, and printed access tokens as secrets; avoid running token-dump commands in shared chats, logs, or CI. Confirm before uploads, email retrieval, billing, API-key creation/revocation, raw API requests, or archive/reprocess actions, and prefer a pinned release/checksum over an unpinned latest binary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger description is broad enough to activate on many generic document, task, or API-related requests, which increases the chance the agent invokes this external-service skill when the user did not specifically request Labradoc. Because the skill can authenticate, upload files, query emails, manage API keys, and hit raw endpoints, over-triggering materially raises the risk of unintended data transfer or account actions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs use of API tokens and supports numerous commands that transmit documents, emails, OCR text, billing events, and other account data to the Labradoc service, but it does not clearly warn users about credential sensitivity, remote transmission, or the scope of accessible data. In this context, omission of those warnings is dangerous because the skill covers highly sensitive operations, including file upload, email retrieval, API key creation, and raw requests to arbitrary endpoints.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This command intentionally prints the stored access token, either raw or in JSON, directly to stdout with no masking, warning, or confirmation. In CLI environments stdout is commonly captured by shells, logs, CI systems, terminal history tooling, or other processes, so exposing a bearer token this way materially increases the chance of credential leakage and subsequent unauthorized API access.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The command prints the PKCE code_verifier to stdout in both JSON and human-readable modes, which exposes a live OAuth secret to shell history, terminal logs, CI job logs, process capture, or other tooling that records output. PKCE protects public clients only if the verifier remains secret until token exchange; disclosing it materially weakens the flow and is more dangerous in an agent/CLI context where stdout is often automatically captured or forwarded.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The file documents OAuth token issuance, exchange, refresh, and revocation flows for Google and Microsoft integrations without any warning that OAuth codes and resulting tokens are sensitive credentials tied to a user's external accounts. In an agent skill context, this increases the chance that users paste secrets into chats/logs or authorize account access changes without understanding the security implications.

Credential Access

High
Category
Privilege Escalation
Content
var tokenCmd = &cobra.Command{
	Use:   "token",
	Short: "Print the stored access token",
	RunE: func(cmd *cobra.Command, _ []string) error {
		tok, err := cli.LoadToken()
		if err != nil {
Confidence
88% confidence
Finding
access token

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal