Claw Mentor Mentee

Security checks across malware telemetry and agentic risk

Overview

The skill’s mentorship behavior is mostly disclosed, but it gives remote ClawMentor content and local persistent files enough influence over core agent behavior that users should review it carefully before installing.

Install only if you trust ClawMentor and the mentors you subscribe to. Review every proposed change before approving it, especially changes to HEARTBEAT.md, AGENTS.md, SOUL.md, IDENTITY.md, installed skills, cron behavior, and security posture. Periodically inspect or delete ~/.openclaw/claw-mentor/state.json, stored mentor files, and mentor-guidance.md if they no longer reflect what you want your agent to remember or follow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

High
Confidence: 91%
Finding
The skill repeatedly promises that behavior-shaping changes require explicit human approval, but elsewhere instructs automatic persistence of behavior-governing artifacts such as HEARTBEAT.md entries and some guidance/state changes during setup and first-run flows. In an agent framework, silently modifying files that influence future behavior undermines user consent and can create durable behavior drift even if later changes are nominally reviewed.

VirusTotal

64/64 vendors flagged this skill as clean.
