Openclaw

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it gives a remote service and broad automatic recovery rules meaningful influence over agent behavior.

Install only if you trust vial.ai and are comfortable with remote repair lookups, anonymous telemetry, local /tmp logging, and automatic recovery behavior. Avoid using it for sensitive, financial, purchase, account-changing, or public-posting workflows unless you can enforce explicit confirmation and read-only verification boundaries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium (94% confidence)
Finding:
The skill is presented as a self-healing/runtime aid, but it also instructs the agent to contact a remote service for strategy lookup and telemetry. That expands the trust boundary and creates undisclosed data egress and remote influence over agent behavior, which is risky for a user-invocable skill.

Context-Inappropriate Capability

High (97% confidence)
Finding:
The skill directs the agent to run shell commands and curl requests as part of routine operation, including remote fetches and local file writes. For a broadly invocable runtime skill, this grants unnecessary execution and network behaviors that can be abused or triggered in contexts where such side effects are unsafe.

Intent-Code Divergence

Medium (87% confidence)
Finding:
The documentation says Vial never transmits credentials, but it still sends authentication-related event data to a remote telemetry endpoint. Even if credentials themselves are not sent, auth failure metadata can reveal sensitive operational state and the claim may mislead users about the privacy impact.

Vague Triggers

Medium (89% confidence)
Finding:
The skill is user-invocable and described in very broad terms, without tight activation boundaries or explicit limits on when its protocols should run. Because it contains instructions to execute tools, write logs, make network calls, and alter agent behavior, ambiguous scope increases the chance of unintended activation and side effects.

Missing User Warnings

Medium (95% confidence)
Finding:
The skill performs local logging to /tmp and background telemetry, but the user-facing description does not clearly warn about these side effects before invocation. Hidden persistence and outbound communication are security-relevant behaviors, especially in a user-invocable skill that may be enabled in sensitive environments.

VirusTotal

64/64 vendors flagged this skill as clean.
