llmfit

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent local model advisor that runs a dedicated hardware-checking tool and may help configure OpenClaw to use a recommended local model.

Install only if you are comfortable trusting the external llmfit CLI to inspect local hardware details. Before applying any openclaw.json changes, review the proposed model/provider setting and approve it explicitly, especially if setting a new default model.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The skill explicitly instructs the agent to update `openclaw.json` and even provides concrete JSON snippets, but it does not require explicit user confirmation or warn that this changes a local configuration file. In an agent setting, this can normalize silent or automatic config modification, leading to unintended persistence, model/provider changes, or disruption of the user's local setup.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal