Openclaw Deploy

Security checks across malware telemetry and agentic risk

Overview

This deployment skill is purpose-aligned, but its default full-package workflow can bundle local OpenClaw tokens, configuration, and conversation history for transfer without strong guardrails.

Use the clean package unless you intentionally need a full migration. Before building or transferring the full package, inspect and redact ~/.openclaw for tokens, private chat history, workspace data, and other secrets; protect the archive in transit; rotate any copied credentials as needed; verify OUTPUT_DIR is safe before running the builder; and review the Node/NVM installer before executing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 95%
Finding
The README explicitly promotes a 'full' image that includes DreamMoon configuration and conversation records, and even states it contains Feishu and gateway tokens for direct use. Distributing or redeploying such an image can expose credentials, private chat history, and other sensitive state to anyone with access to the image or host, creating a clear confidentiality risk.

Missing User Warnings

Medium
Confidence: 93%
Finding
The README instructs users to export the deployment package and copy it to another server without warning that the package may contain sensitive configuration and prior conversation data. This normalizes insecure transfer and reuse of a bundle that may embed credentials and private records, increasing the likelihood of accidental disclosure during migration or sharing.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script unconditionally executes `rm -rf "$OUTPUT_DIR"` before recreating the directory tree, and `OUTPUT_DIR` is explicitly overridable via an environment variable. While the variable is quoted, this still allows destructive deletion of any path a user or calling process provides, including important directories, with no confirmation, path validation, or safety guardrails.

Missing User Warnings

Medium
Confidence: 92%
Finding
In full mode, the script creates and mounts a persistent host directory at /home/zfanmy/openclaw_data/workspace into the container, which causes data written by the application to survive container restarts. This is not inherently malicious, but without clear warning, consent, or access-control checks, users may unintentionally persist sensitive data, credentials, or history on the host filesystem.

VirusTotal

66/66 vendors flagged this skill as clean.
