New Agent Setup

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only OpenClaw onboarding skill, but it asks users to handle Discord bot credentials and grant broad/persistent access in ways that deserve careful review.

Install only if you administer the intended OpenClaw environment. Before using it, avoid pasting Discord bot tokens into chat, prefer a secret manager or environment variable over plaintext config when supported, grant only the minimum Discord permissions needed, limit OneDrive links to approved folders, and record any cron entries and agent registrations so they can be disabled later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium, 93% confidence
Finding
The skill instructs handling high-value secrets such as a Discord Bot Token and Application ID without any explicit warning about secure collection, redaction, storage, or non-disclosure. This increases the risk of credential exposure in chat logs, notes, or files, which could allow unauthorized control of the bot and associated Discord resources.

Missing User Warnings

Medium, 96% confidence
Finding
These instructions direct impactful system changes—editing openclaw.json, restarting the gateway, registering an agent, creating cron jobs, creating symlinks, and sending onboarding messages—without any warning, approval gate, rollback guidance, or validation safeguards. If triggered in error or followed carelessly, they could disrupt service, alter routing, create persistence, or misconfigure access to shared resources such as OneDrive.

Missing User Warnings

Medium, 92% confidence
Finding
The checklist explicitly asks an operator to obtain and provide a Discord bot token, which is a sensitive secret, but gives no guidance on secure handling, storage minimization, masking, or rotation. In an agent-skill context, normalizing collection of plaintext credentials increases the chance the token is copied into chat, files, logs, or version-controlled configuration where it can be stolen and used to impersonate the bot.

Missing User Warnings

Medium, 95% confidence
Finding
The instructions direct writing the bot token directly into `openclaw.json`, a persistent configuration file, without any warning about plaintext secret exposure. Storing long-lived credentials in an ordinary config file materially raises the risk of disclosure through backups, filesystem compromise, accidental commits, support bundles, or overbroad read permissions.

VirusTotal

65/65 vendors flagged this skill as clean.
