Openclaw Signet

Security checks across malware telemetry and agentic risk

Overview

This skill is a local integrity checker, but it also contains under-documented commands that can move, quarantine, delete, and restore installed skills.

Install only if you want a local verifier that can also change installed skills. Prefer sign, verify, list, and status first; make backups before using reject, quarantine, restore, or protect, and pass only the intended OpenClaw workspace path.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The README advertises security-enforcement features like rejecting unsigned skills, quarantining tampered skills, restoring trusted state, and pre-install verification, but the documented implementation only describes hashing and reporting differences. This creates a dangerous false sense of protection: operators may rely on controls that do not actually exist, allowing tampered or untrusted skills to be installed or continue running unchecked.

VirusTotal

48/48 vendors flagged this skill as clean.

View on VirusTotal