Security audit
Agent Analytics
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed product analytics assistant that uses a pinned external CLI for login, tracking setup, and analytics reads, with no evidence of hidden or destructive behavior.
Before installing, be comfortable with an external analytics CLI being run through npx, browser-based account approval, local storage of an auth config, and code changes that add tracking to your product. Keep the .openclaw auth directory out of git, confirm the analytics project and goals before context is stored, and review any tracker events before they are added.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
