OpenClaw Windows WSL2 Install Guide

Security checks across malware telemetry and agentic risk

Overview

This is a coherent OpenClaw WSL2 install guide, but it tells users to make broad privilege, firewall, and remote-installer changes without enough safety scoping.

Review the commands before installing. Avoid blanket passwordless sudo, open port 18789 only if you need it and can restrict access, and inspect or verify the remote install script before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 97%
Finding
The guide recommends adding `openclaw ALL=(ALL) NOPASSWD: ALL` to `/etc/sudoers`, which grants unrestricted passwordless root escalation to that user. In a developer environment that also runs downloaded tooling and plugins, this meaningfully increases the blast radius of command injection, compromised packages, or accidental destructive commands.

Missing User Warnings

Medium
Confidence: 93%
Finding
The guide opens an inbound Windows Firewall rule for TCP port 18789 without clearly warning that this may expose the OpenClaw service to other hosts on the local network, depending on firewall profile and bind behavior. If the service is unauthenticated or weakly protected, this can enable unintended remote access.

Missing User Warnings

High
Confidence: 99%
Finding
`curl -fsSL https://molt.bot/install.sh | bash` executes network-fetched code immediately with no integrity verification, review step, or trust explanation. A compromised server, DNS/proxy path, TLS interception, or malicious script update would lead to arbitrary code execution on the user's WSL environment.

VirusTotal

65/65 vendors flagged this skill as clean.
