Back to skill

Security audit

LYGO Sovereign Claw Router

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed LYGO command-router wrapper with local ledger/memory behavior and no artifact-backed malicious behavior, but it depends on external LYGO runtime code users should review before running.

Review the external LYGO repository and installer before running setup, especially if you enable lyra-openclaw browser/social/token operations or the kernel egg planter. Expect local memory and ledger files to be created under the LYGO stack, and only run commands you intend to authorize.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.