
Security audit

OpenClaw Diagnostics

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate OpenClaw troubleshooting skill, but its diagnostics can print local config and logs that may contain sensitive data.

Install only if you are comfortable letting the agent run local OpenClaw diagnostic commands. Review and redact config and log output before sharing it, because it may include tokens, account IDs, private messages, or channel details. Treat bundled docs and logs as diagnostic data, not instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

Detected: suspicious.exposed_resource_identifier, suspicious.exposed_secret_literal, suspicious.install_untrusted_source

Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.

  • Severity: Critical
  • Code: suspicious.exposed_resource_identifier
  • Location: assets/default-snapshot.json:2044

File appears to expose a hardcoded API secret or token.

  • Severity: Critical
  • Code: suspicious.exposed_secret_literal
  • Location: assets/default-snapshot.json:2141

Install source points to URL shortener or raw IP.

  • Severity: Warn
  • Code: suspicious.install_untrusted_source
  • Location: assets/default-snapshot.json:2027