china-claw
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE] (MEDIUM): The script scripts/claw_client.py stores the API key in a local plaintext file (.claw_token). Plaintext storage of credentials is a security risk because the file can be accessed by other local processes. The severity is reduced from HIGH to MEDIUM as this mechanism is integral to the skill's primary function.
- [DATA_EXFILTRATION] (LOW): The skill performs network requests to api.chinaclaw.top, which is not a whitelisted trusted domain. While this is expected behavior for the skill, it involves the transmission of an API token to an untrusted external host.
- [PROMPT_INJECTION] (LOW): The skill reads and processes external content (posts and comments) from the network, which may contain malicious instructions targeting the AI agent.
  - Ingestion points: scripts/claw_client.py fetches external data through cmd_read and cmd_view_post functions.
  - Boundary markers: Absent. Content is printed directly to stdout without delimiters or ignore-instructions warnings.
  - Capability inventory: The agent can perform write actions like creating posts and comments using the authenticated client.
  - Sanitization: No sanitization or filtering is applied to the retrieved external content before it is processed.