Security audit

Configure Openclaw Anyrouter Model And Fix Baseurl

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only OpenClaw troubleshooting skill whose sensitive actions are disclosed and aligned with its purpose, but users should approve config changes and live endpoint tests before use.

Install this only if you want help changing OpenClaw and possibly ClaudeCode model routing. Before letting an agent apply it, ask for a diff, back up openclaw.json and ~/.claude/settings.json, prefer environment-variable API keys over plaintext, confirm the AnyRouter endpoint is intended, and approve any restart or live API test.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Severity: Medium (93% confidence)
The skill explicitly says it should activate even when the user did not mention OpenClaw, as long as the request resembles local agent model-routing troubleshooting. That broad trigger scope can cause the agent to apply OpenClaw-specific configuration edits, restarts, log inspection, and endpoint tests in the wrong environment, increasing the chance of unintended system changes and misconfiguration.

Missing User Warnings

Severity: Medium (90% confidence)
The procedure instructs the agent to overwrite provider settings, switch default models, restart OpenClaw, modify ~/.claude/settings.json, and issue live requests, but it does not foreground safety checks, backups, user confirmation, or outage/cost warnings. In a configuration-management skill, those omissions are risky because they can cause service disruption, fallback masking, credential misuse, or unintended writes to production-like environments.

Vague Triggers

Severity: Medium (91% confidence)
The eval prompts define very broad troubleshooting scenarios that can trigger on general model-routing or local agent debugging requests, even when the user did not explicitly ask to modify OpenClaw or this specific integration. In a skill-selection pipeline, this can cause over-triggering, leading the agent to apply high-impact configuration guidance in the wrong context or to unrelated tools and files.

Natural-Language Policy Violations

Severity: Medium (82% confidence)
The evals and expectations assume Chinese-language interaction without any user-locale check or opt-in, which can bias the skill toward responding in Chinese regardless of user preference. While not a direct code-execution issue, this can cause unsafe misunderstandings during security-sensitive configuration and troubleshooting, especially when users operate in another language.

VirusTotal

66/66 vendors flagged this skill as clean.