Back to skill

Security audit

Multi-Agent Deployment Skill for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This deployment skill is coherent, but it includes powerful cloud, routing, memory-server, and deletion capabilities without enough guardrails or warnings.

Install only if you are prepared to review and run the scripts manually. Use dry-run first, protect cloud credentials, avoid exposing the shared-memory REST API beyond localhost unless you add authentication and network controls, narrow routing rules before production use, and back up shared memory and agent directories before following reset procedures.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The router examples include very generic triggers like "help," "assist," "support," "find," and "what is," which can cause this deployment-oriented skill or its agents to activate for unrelated ordinary prompts. In context, that is risky because the skill includes code generation, filesystem setup, routing config changes, and deployment behaviors, so overbroad matching increases the chance of unintended high-impact actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill repeatedly emphasizes executable scripts, file generation, cloud deployment, and starting an HTTP API, but it does not pair those capabilities with prominent warnings about side effects such as overwriting configs, creating persistent agent state, opening listening services, or deploying infrastructure with cost/security implications. Users may treat it like passive documentation and trigger impactful operations without understanding their consequences.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The recovery procedure includes `rm -rf /data/.openclaw/shared_memory/*` to reinitialize shared memory, but the documentation does not prominently warn that this irreversibly deletes operational state and may cause data loss if backups are absent or stale. In a troubleshooting guide, operators are likely to copy-paste commands under pressure, which makes destructive commands without explicit confirmation or safeguards materially risky.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The optional agent reset commands delete agent memory and temp data, but the guide does not clearly emphasize that this may erase conversation state, cached work products, or forensic evidence needed for debugging. Because this appears in a recovery section, users may execute it quickly and unintentionally destroy important state.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
cp /backup/shared_data.json.backup /data/.openclaw/shared_memory/shared_data.json
else
  # Reinitialize shared memory
  rm -rf /data/.openclaw/shared_memory/*
  python scripts/memory_sync.py --init --path /data/.openclaw/shared_memory
fi
Confidence
89% confidence
Finding
rm -rf /data/.openclaw/shared_memory/* python scripts/memory_sync.py --init --path /data/.openclaw/shared_memory fi # Restart system openclaw gateway start ``` ### Agent-Specific Recovery **For i

Tool Parameter Abuse

High
Category
Tool Misuse
Content
cp /backup/shared_data.json.backup /data/.openclaw/shared_memory/shared_data.json
else
  # Reinitialize shared memory
  rm -rf /data/.openclaw/shared_memory/*
  python scripts/memory_sync.py --init --path /data/.openclaw/shared_memory
fi
Confidence
89% confidence
Finding
rm -rf /data/.openclaw/shared_memory/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
/data/.openclaw/agents/<agent-name>

# Reset agent state (optional)
rm -rf /data/.openclaw/agents/<agent-name>/memory/*
rm -rf /data/.openclaw/agents/<agent-name>/workspace/temp/*

# Restart agent
Confidence
93% confidence
Finding
rm -rf /data/.openclaw/agents/<agent-name>/memory/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
# Reset agent state (optional)
rm -rf /data/.openclaw/agents/<agent-name>/memory/*
rm -rf /data/.openclaw/agents/<agent-name>/workspace/temp/*

# Restart agent
openclaw agent start <agent-name>
Confidence
92% confidence
Finding
rm -rf /data/.openclaw/agents/<agent-name>/workspace/temp/

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.