Openclaw Workspace Governance Installer

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed installer for an OpenClaw governance plugin, with expected but impactful workspace configuration actions that users should run deliberately.

Before installing, verify the package and GitHub repository, avoid `@latest` for production if you need reproducible installs, back up important workspace configuration, and review proposed `openclaw.json`, Brain Docs, migration, and uninstall changes before approving them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The skill explicitly advertises commands that edit platform configuration and perform uninstall operations, but it does not prominently warn users about the potential for service disruption, misconfiguration, or removal side effects. In a user-invocable installer skill, omission of these cautions can lead users to run impactful commands without understanding rollback limits, downtime risk, or data/configuration consequences.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal