ziniao-assistant

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Ziniao browser-control skill, but it asks the assistant to handle API keys in ways users should review carefully before installing.

Install only if you trust the Ziniao bridge and are comfortable giving the assistant browser-control authority. Prefer setting ZCLAW_API_KEY through an environment variable or secure credential mechanism instead of pasting it into chat; if you use the config file, protect it, know how to delete or rotate the key, and keep the bridge bound to localhost.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill explicitly instructs the agent to persist a user-supplied API key to ~/.zclaw/config.json without requiring an explicit consent step or warning that the secret will be stored on disk. Persisting credentials from chat to a filesystem location increases exposure to other local processes, backups, logs, or later unintended reuse.

Ssd 3

Severity: High
Confidence: 96%
Finding
The skill directs the assistant to load the API key into conversation context and reuse it for all subsequent requests, which unnecessarily broadens secret exposure within the agent's working memory. Secrets retained in conversational/session context are at higher risk of accidental disclosure, prompt leakage, tool misuse, or propagation to unrelated future actions in the same session.

Ssd 3

Severity: High
Confidence: 97%
Finding
Accepting API keys directly from chat, writing them to disk, and immediately reusing them combines multiple risky behaviors: secret collection via untrusted prompt input, plaintext persistence, and automatic operational use without validation or consent. In a skill context, this makes credential handling easy to abuse and raises the chance of exfiltration or misuse if prompts, files, or local environment are compromised.

VirusTotal

52/52 vendors flagged this skill as clean.