Corpus RAG & KG Search

Security checks across malware telemetry and agentic risk

Overview

The scanner findings point to a legitimate corpus search connector rather than malware, but its API credentials and every search query should be treated as sensitive: the setup flow handles the keys in plaintext and echoes them to the terminal, and each query is sent in full to a remote corpus service.

Install only if you trust the configured corpus API and the publisher. Protect ~/.openclaw/openclaw.json because it may contain API keys (restrict it to your own user and keep it out of backups and shared repositories), avoid sharing terminal logs or screenshots from setup, and do not enter sensitive queries unless that remote corpus service is approved to receive them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium severity, 88% confidence
Finding
The setup flow handles highly sensitive values such as apiKey and dataAuthKey, stores them in plaintext in a user config file, and later prints them back to stdout in full. This creates unnecessary secret exposure through terminal history, screen logging, shoulder surfing, or local file compromise, while the user-facing messaging understates that secret material will be persisted and displayed.

Missing User Warnings

Medium severity, 97% confidence
Finding
The code prints apiKey and dataAuthKey directly to the console after collection. Secrets displayed on stdout can be captured by terminal logging tools, CI logs, remote shells, or anyone observing the screen, turning a local configuration step into a credential disclosure event.

Missing User Warnings

Medium severity, 89% confidence
Finding
This tool sends the user-provided query to an external HTTP endpoint via `postJson`, but this file provides no user-facing disclosure, consent flow, or indication that the prompt content leaves the local agent context. If users enter sensitive data, it may be transmitted to a remote corpus service unexpectedly, creating privacy and data-handling risk even if transport is otherwise legitimate.

VirusTotal

62/62 vendors flagged this plugin as clean. Antivirus engines look for known-malicious code; a clean result says nothing about the credential-handling and data-egress findings above, which are design issues rather than malware.
