Back to skill

Security audit

SAFE-Bootstrapper

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed sandbox-only setup helper that runs bounded local remediation steps and shows no evidence of hidden or unsafe behavior.

Install this only if you intend to run setup remediation inside a real OpenClaw sandbox with writable workspace access. Expect it to read and write local workspace files and run simple local commands, but it should not ask for real secrets, install dependencies, use the network, or modify host-level OpenClaw configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.