Agent Control

Security checks across malware telemetry and agentic risk

Overview

This skill provides chat commands for managing OpenClaw agents, including persistent changes such as binding and deletion; the main risk is accidental misuse of those powerful commands.

Install this only if you want chat-driven control over OpenClaw agent configuration. Double-check agent names and bindings before running commands, and require explicit confirmation before any delete operation, especially if invoking the helper script directly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill explicitly instructs the agent to execute external `openclaw` CLI commands, which is shell-capable behavior, yet no permissions are declared. This creates an authorization and containment gap: a user invoking the skill can trigger agent creation, binding changes, identity changes, and deletion operations without an explicit permission model or runtime guardrails documented in the skill.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The delete action immediately executes agent deletion based solely on the provided input, with no confirmation prompt, dry-run mode, or secondary validation. In a chat-driven control skill, this raises the likelihood of accidental or induced destructive actions that can remove agent configurations or workspaces with little friction.

VirusTotal

65/65 vendors flagged this skill as clean.