Agent Relay

Security checks across malware telemetry and agentic risk

Overview

This relay skill is coherent, but it gives an external relay lasting ability to deliver messages to an agent without enough safety guidance about trust, tokens, or revocation.

Install only if you trust the relay operator or self-host it. Use dedicated, rotateable, low-privilege tokens, avoid connecting a high-privilege default agent, treat inbound relay messages as requests rather than commands, and confirm you can disable the webhook and clear queued messages.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill instructs users to send webhook URLs, webhook bearer tokens, team identifiers, and message contents through a third-party relay service, but provides no warning about trust boundaries, data sensitivity, or the consequences of exposing OpenClaw hooks to an external system. In this context, the omission is security-relevant because the relay can observe or misuse metadata and bearer secrets, and users may unknowingly route sensitive agent traffic through infrastructure they do not control.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal