Back to skill

Security audit

Openclaw Godmode Skill Repo

Security checks across malware telemetry and agentic risk

Overview

This is not malware, but it gives an agent broad development, shell, browser, and GitHub authority with weak activation and approval boundaries.

Install only if you intentionally want a highly autonomous development orchestrator. Use it in trusted repositories, scope GitHub and MCP credentials narrowly, avoid live customer or secret-bearing pages during screenshot testing, and require explicit approval before file writes, shell commands, PR merges, issue closure, releases, tags, CI/CD actions, or production-like operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The README instructs users to trigger powerful workflows through broad natural-language phrases such as 'New Feature', 'Bug Fix', and 'Prepare Release', which can make activation overly permissive and ambiguous. In a self-orchestrating multi-agent skill that can modify code, run tests, update docs, and potentially interact with GitHub, this increases the chance of unintended or over-broad execution from casually phrased prompts or injected task text.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README promotes autonomous research, architecture, implementation, testing, documentation, and release-style operations, but does not prominently warn that these actions may change codebases, consume paid resources, or affect external systems such as GitHub and test environments. Because the skill is specifically designed to orchestrate multiple agents and tools, the lack of strong safety boundaries can lead users to authorize impactful actions without understanding scope or consequences.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill's activation logic is effectively unconditional: it instructs the orchestrator to begin classifying and acting on any user request without requiring explicit invocation boundaries, scope checks, or confirmation before using powerful tools and subagents. In a skill that advertises Bash, WebFetch/WebSearch, GitHub, file write/edit, network access, and credentials, this broad trigger surface increases the chance of unintended execution paths, overreach, and prompt-injection-driven tasking from ordinary user input.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The migration guide presents broad trigger phrases such as "New Feature: X", "Bug Fix: X", and similar commands without any scope constraints, confirmation requirements, or limits on when the orchestration skill should activate. In a self-orchestrating multi-agent development skill, this increases the chance of unintended activation and overbroad task execution, especially when user text, pasted issue content, or repository context accidentally matches these patterns.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.