Openclaw Zalouser 2026.5.26.Tgz

Security checks across malware telemetry and agentic risk

Overview

This official OpenClaw Zalo plugin does what it claims, but it can act as your Zalo account and stores a reusable local login session.

Install only if you are comfortable allowing OpenClaw agents to send Zalo messages and inspect Zalo contacts/groups through your personal account. Keep dmPolicy at pairing or allowlist, prefer numeric IDs over name matching, only use trusted media URLs, and use the provided logout command to clear the local Zalo session when done.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings (severity: Medium, confidence: 92%)

Finding:
This tool exposes actions that can send messages, images, and links and can enumerate friends, groups, and profile data, but the code shown provides no user-facing warning, consent prompt, or confirmation step before performing those actions. In an agent setting, this increases the risk of silent outbound messaging, social engineering, privacy violations, and unintended data access if the tool is invoked by a prompt-injected or mistaken workflow.

Missing User Warnings (severity: Medium, confidence: 83%)

Finding:
The QR login flow captures Zalo session material (IMEI, cookies, user agent) and persists it locally for later reuse. While this is functionally required for session restoration, these are highly sensitive credentials; if the host or state directory is exposed, an attacker could hijack the Zalo account session without re-authenticating.

Missing User Warnings (severity: Medium, confidence: 89%)

Finding:
Loading outbound media directly from a provided URL can trigger server-side network access, creating SSRF risk if untrusted users can influence mediaUrl. This may allow access to internal services, cloud metadata endpoints, or other restricted network locations through the agent host.

VirusTotal

53/53 vendors flagged this plugin as clean.