OpenClaw Tlon 2026.5.26.tgz

Security checks across malware telemetry and agentic risk

Overview

This official OpenClaw Tlon plugin behaves consistently with its messaging purpose, though it needs normal account credentials and network access to operate.

Install only if you intend OpenClaw to connect to your Tlon/Urbit account, read and respond to configured DMs or group channels, and upload media through Tlon storage. Avoid passing the login code in shared shells, CI logs, or command history, and enable private/internal network access only for a ship URL you control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 88%
Finding
The schema exposes `network.dangerouslyAllowPrivateNetwork`, which appears to enable access to private/internal network resources. In an agent/plugin context, allowing private-network connectivity can expand the trust boundary and create SSRF-style reachability into internal services if runtime code honors this flag, especially since this file shows no guardrails, warnings, or restriction mechanisms around the option.

Missing User Warnings

Medium
Confidence: 92%
Finding
The package exposes a sensitive login credential via a CLI flag (`--code`) without any warning that command-line arguments may be captured in shell history, process listings, CI logs, or telemetry. In a messaging plugin context, compromise of this credential could enable unauthorized access to the linked Tlon/Urbit account or service session.

VirusTotal

55/55 vendors flagged this plugin as clean.