Security audit

Win Openclaw Config

Security checks across malware telemetry and agentic risk

Overview

This is a small Windows-focused configuration note with no executable code, credential use, network activity, or hidden behavior.

Install only if you want Windows-oriented OpenClaw configuration guidance. Treat the listed settings as documentation or examples unless you separately confirm the referenced OpenClaw configuration APIs exist in your environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Low

Confidence: 76% confidence
Finding: The natural-language description frames the skill as providing configuration specifically for Windows platforms, without indicating any user choice, opt-in, or justification for restricting behavior to that platform context. Under the policy rule for language/locale-style constraints, this kind of forced platform-specific constraint can be treated as an undocumented limitation that should be explicitly justified or made optional.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.