Back to skill

Security audit

Agent Analytics

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed product analytics assistant that uses a pinned external CLI for login, tracking setup, and analytics reads, with no evidence of hidden or destructive behavior.

Before installing, be comfortable with an external analytics CLI being run through npx, browser-based account approval, local storage of an auth config, and code changes that add tracking to your product. Keep the .openclaw auth directory out of git, confirm the analytics project and goals before context is stored, and review any tracker events before they are added.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.