Back to skill

Security audit

Multi-Agent Deployment Skill for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned, but it can overwrite OpenClaw configuration and agent memory files and restart a remote VPS container without strong safety controls.

Review the scripts before running them, especially deploy.sh, routing_config.py, agent_setup.py, and memory_sync.py. Use a staging OpenClaw instance first, avoid root SSH if possible, back up /data/.openclaw and the VPS data directory, and expect the deploy script to restart the OpenClaw container.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises and instructs use of automation that creates workspace structures, writes configuration files, syncs memory files, and deploys artifacts to a VPS, but it does not declare corresponding permissions or clearly scope those write operations. That mismatch can mislead users and hosting systems about the skill’s actual capabilities, reducing informed consent and increasing the risk of unintended file modification or unsafe execution in privileged directories like /data/.openclaw.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The deployment step tells users to run a shell script against a remote VPS as root and notes that it restarts the container, but it provides no warning about service interruption, remote state changes, credential sensitivity, or the need to inspect the script before execution. In this context, the skill is specifically about production multi-agent deployment, which makes the omission more dangerous because users are encouraged to run impactful infrastructure changes on live systems.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script rewrites each target MEMORY.md in place with no backup, dry-run mode, prompt, or atomic safety checks. Because it operates across multiple agent workspaces and aggregates content before writing, a mistake in the base path, malformed section matching, or unexpected file contents could silently overwrite user-maintained memory data at scale.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.