CLI Agent Bridge for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill package describing a separate local CLI bridge, with no executable runtime included.

Installing this ClawHub package should only add documentation. Before using the separate local companion it describes, inspect that companion's PowerShell and batch scripts, choose a narrow workspace root, and confirm which local AI provider accounts may receive prompts or file contents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Autonomous Decision Making

Medium
Category: Excessive Agency
Content:
## Intended approval rules in the local full package

No approval intended:

- AI-only execution
- `read`
Confidence: 75%
Finding: No approval

Autonomous Decision Making

Medium
Category: Excessive Agency
Content:
In the local full package:

- `read`, `list`, and `exists` are intended to run without approval
- `mkdir`, `write`, and `append` are intended to require explicit approval

## Important note
Confidence: 75%
Finding: without approval

VirusTotal

64/64 vendors flagged this skill as clean.
