openclaw-audit-watchdog

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed security-audit automation skill, but it can create unattended recurring jobs and send reports externally after broad triggers, so users should review it before installing.

Install only if you intentionally want daily OpenClaw security audits delivered to the configured DM target and optional email address. Before enabling it, verify PROMPTSEC_DM_CHANNEL, PROMPTSEC_DM_TO, PROMPTSEC_EMAIL_TO, SMTP/sendmail settings, install directory, timezone, and whether PROMPTSEC_GIT_PULL is set. Prefer invoking the setup script deliberately rather than relying on generic audit-related prompts, and review the generated openclaw cron job after setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The script delegates execution to an external `codex` binary selected from `CODEX_BIN`, `PATH`, or a fixed location, while comments imply the operation is 'safe by default' due to a read-only sandbox. That sandbox applies only to the invoked Codex review session, not to the binary resolution step itself, so a malicious or trojaned `codex` executable could run arbitrary code with the caller's privileges before any sandbox protections matter.

Missing User Warnings

Medium
Confidence: 88%
Finding
The quick-start flow shows the skill creating an unattended recurring cron job immediately after environment variables are set, without a visible confirmation gate in that example. Because the skill establishes persistence and exfiltrates audit results to DM/email recipients, silent or insufficiently signposted persistence increases the risk of unintended deployment and data disclosure.

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger list is broad and made of common phrases like "security audit", "run audit", and "security report", which can cause the skill to activate in response to generic user requests rather than an explicit request for this specific watchdog. Because this skill can create persistence via cron and send reports externally, accidental invocation is more dangerous than in a read-only skill.

VirusTotal

65/65 vendors flagged this skill as clean.