Security audit
SAFE-Bootstrapper
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed sandbox-only setup helper that runs bounded local remediation steps and shows no evidence of hidden or unsafe behavior.
Install this only if you intend to run setup remediation inside a real OpenClaw sandbox with writable workspace access. Expect it to read and write local workspace files and run simple local commands, but it should not ask for real secrets, install dependencies, use the network, or modify host-level OpenClaw configuration.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
