Security audit

openclaw-traffic-guardian

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed specification-only security skill for opt-in OpenClaw traffic monitoring, with no active proxy or runtime code included in this release.

Install only if you want an OpenClaw security-monitoring scaffold and are comfortable with future opt-in proxy inspection work. Keep any implementation process-scoped, verify release artifacts before standalone installs, and review trigger wording if accidental activation around social-account requests would be a problem.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger phrase "review social account mutations" is broad enough to match generic review or social-account requests that may fall outside the intended OpenClaw traffic-monitoring scope. In agent ecosystems where trigger phrases control skill activation, overbroad matching can cause unintended invocation of a security-oriented skill, leading to prompt-context interference, incorrect policy review behavior, or unnecessary exposure of user content to this skill.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal