Back to skill

Security audit

Openclaw Config

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed OpenClaw configuration helper, with sensitive but expected config-editing guidance and no evidence of hidden execution, data theft, or unsafe persistence.

Install this only if you want an agent to help manage OpenClaw Gateway configuration. Review proposed changes before applying them, prefer targeted config set/unset operations over whole-config replacement, keep backups, validate after changes, and avoid storing long-lived secrets directly in openclaw.json.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
This is a mismatch because the description promises an editing and validation skill for OpenClaw config contents, including adding/changing keys and avoiding schema mismatches, but the provided code does not modify config files or inspect their JSON/JSON5 structure. Its actual behavior is a lightweight path-resolution and file-permission check plus an optional call to `openclaw doctor`. While `openclaw doctor` is related to diagnosing config issues, the primary implemented behavior is narrower and materially different from the declared edit-and-validate purpose.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
if [[ -n "${perms}" ]]; then
    echo "Permissions: ${perms}"
    if [[ "${perms}" =~ ^[0-9]+$ ]] && (( perms > 600 )); then
      echo "WARNING: config perms are >600; consider: chmod 600 \"${CONFIG_PATH}\""
    fi
  fi
else
Confidence
80% confidence
Finding
chmod 600

Session Persistence

Medium
Category
Rogue Agent
Content
3. **Apply changes with the smallest safe surface**

- Prefer small edits: `openclaw config get|set|unset` (dot path or bracket notation).
- If the Gateway is online and you want "write + validate + restart" in one step: use RPC `config.patch` (merge patch) or `config.apply` (replaces the entire config; use carefully).
- For complex setups, split config with `$include` (see below).

4. **Validate strictly**
Confidence
60% confidence
Finding
write + validate + restart" in one step: use RPC `config.patch` (merge patch) or `config.apply` (replaces the entire config; use carefully). - For complex setups, split config with `$include` (see bel

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.