OpenClaw Safe Ops
Security checks across malware telemetry and agentic risk
Overview
This skill has a legitimate safety purpose, but it tells agents to use an unreviewed local wrapper script and gives rollback steps that may restore the wrong file.
Review before installing. The backup-and-health-check idea is reasonable, but do not let an agent run ./scripts/openclaw-safe.sh unless you have inspected that exact local script, and correct the rollback instructions so they restore the exact backup created before the change.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
62/62 vendors flagged this skill as clean.