openclaw-audit-watchdog

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed audit-reporting watchdog that creates a scheduled OpenClaw audit job and sends reports only to configured recipients.

Install this only on hosts where you want unattended recurring OpenClaw security reports. Before enabling it, verify the DM target, optional email recipient, SMTP/sendmail settings, schedule, and install directory; disable or remove the cron job if you only wanted a one-time audit.

SkillSpector

By NVIDIA

Vulnerability Patterns

Rogue AgentSelf-Modification, Session Persistence
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list includes generic phrases such as "security audit", "run audit", and "security report" that are likely to match ordinary user requests, causing this skill to activate in situations broader than intended. Because this skill can set up persistence via cron and send reports externally, accidental invocation increases the chance of unintended privileged actions or data disclosure.

Session Persistence

Medium

Category: Rogue Agent
Content: ## Goal Create (or update) a daily cron job that: 1) Runs: - `openclaw security audit --json`
Confidence: 90% confidence
Finding: Create (or update) a daily cron job that: 1) Runs: - `openclaw security audit --json` - `openclaw security audit --deep --json` 2) Summarizes findings (critical/warn/info + top findings) 3) Sends t

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal