Back to skill

Security audit

Daily Summary

Security checks across malware telemetry and agentic risk

Overview

This skill reads local OpenClaw usage status and writes a dated daily summary file, which matches its stated purpose.

Install only if you are comfortable with the agent reading local OpenClaw usage via `openclaw status --json` and saving daily summaries into your OpenClaw memory folder. Review generated summaries for sensitive task details, and inspect any separate cron script yourself before scheduling automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly creates or updates a local file under ~/.openclaw/workspace/memory without warning the user that it will modify local state. Silent file writes are risky because they can overwrite existing notes, create persistence artifacts, or be chained with automation to alter user data without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.