Back to skill

Security audit

Comprehensive skill for installing, configuring, and managing the OpenClaw ecosystem (Gateway, Channels, Models, Automation, Nodes, and Deployment)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate OpenClaw CLI wrapper, but its safety gate leaves several powerful command groups less controlled than the documentation suggests.

Review this before installing if you expect the wrapper to be a strict safety boundary. Only use it with a trusted local openclaw CLI, avoid granting agents broad access to the wrapper, and treat config, gateway, channel, model, agent, message, security, and approvals commands as capable of changing real settings or account state even when OPENCLAW_WRAPPER_ALLOW_RISKY is not set. Avoid bulk shell-environment import and plaintext API keys unless you understand where those secrets may be used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation explicitly enables importing the entire shell environment into the application without warning about the risk of unintentionally exposing secrets such as API keys, tokens, or cloud credentials to plugins, tools, logs, or downstream model/tool executions. In a config reference, this can normalize insecure deployment practices and increase the blast radius of any later compromise or prompt/tool leakage.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The inline example shows plaintext API keys embedded directly in configuration, which encourages users to store long-lived secrets in files that may be checked into source control, backed up, or exposed to local compromise. Although the document later describes secret references, this example still models an insecure pattern without an immediate caution.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.