Windows Embedding Setup

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate Windows setup guide for local OpenClaw embeddings, with some normal caution needed because it changes the local app installation and configuration.

Before installing, confirm you trust the Hugging Face model URL and the `node-llama-cpp` npm package, back up `openclaw.json`, and run the commands only in the OpenClaw installation you intend to modify. Be aware that app updates may overwrite changes made inside bundled resources.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 87% confidence
Finding: The document instructs users to run `npm install node-llama-cpp` inside the application's bundled resource directory and later create and execute a custom local script against internal application files, but it does not include clear warnings that these actions modify the local installation and may affect application integrity or supportability. While the apparent goal is troubleshooting and enabling local embeddings, the guidance normalizes direct tampering with packaged app contents, which can lead users to make risky changes without understanding rollback, trust, or supply-chain implications.

VirusTotal

47/47 vendors flagged this skill as clean.

View on VirusTotal