Openclaw Sentinel

Security checks across malware telemetry and agentic risk

Overview

The skill is a security scanner with disclosed setup, file changes, and optional cloud analysis, but users should review its OpenClaw configuration edits carefully.

Install if you are comfortable with a security tool that may edit OpenClaw configuration and local environment files after asking. Before approving changes, confirm the exact target path, prefer project-local config unless you intentionally want global settings changed, and opt into api.zetro.ai transmission only for code or prompts you are allowed to share.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding:
The manifest declares writes only to .env and .gitignore, but the instructions direct reading and modifying broader OpenClaw configuration, including a likely global config file. This mismatch expands the skill's effective authority beyond its declared scope, undermining user and platform trust boundaries and increasing the risk of unintended or overly broad configuration changes.

Intent-Code Divergence

Medium
Confidence: 88%
Finding:
The skill first tells the agent to verify a project-local openclaw.config.ts/.js, then later instructs it to read a different configuration file, typically ~/.openclaw/openclaw.json. Conflicting target files can cause the agent to inspect or modify the wrong configuration scope, including global settings that affect unrelated projects.

VirusTotal

66/66 vendors flagged this skill as clean.
