oc-doctor

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate local OpenClaw diagnostic skill, but its fixes can change or delete local OpenClaw files if you approve them.

Install only if you want a tool to inspect your local OpenClaw configuration, sessions, logs, cron data, and workspace markdown. Review the diagnostic report before approving fixes, prefer one-by-one changes for config/security/session repairs, and avoid rendering the demo SVG in privacy-sensitive offline environments if third-party font loading matters.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Context-Inappropriate Capability

Low

Confidence: 94% confidence
Finding: The SVG pulls a font from fonts.googleapis.com, which creates an unnecessary external network dependency in a skill described as a local diagnostic tool. Even though this is only a demo asset, rendering the SVG can leak user metadata such as IP address and user agent to a third party and can fail in offline or restricted environments.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger list includes broad natural-language phrases such as "openclaw doctor" and "openclaw diagnose", which can overlap with ordinary user conversation or troubleshooting requests. In an agent skill system, this can cause unintended activation of a powerful diagnostic/fix workflow, potentially exposing local configuration data or prompting repair actions when the user did not explicitly intend to invoke the skill.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The document promotes bulk automatic remediation and destructive actions such as cache cleanup and file replacement/deletion without clearly warning about possible data loss, side effects, or the need for confirmation and backup. In a troubleshooting skill that offers one-click fixes, this can normalize unsafe operation and increase the chance a user approves impactful changes they do not fully understand.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal