Openclaw Wealth Guide

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed data collection skill with broad scraping, file, database, export, and scheduling features, but I found no hidden exfiltration, destructive behavior, or automatic privileged execution.

Install only if you intend to grant a tool broad data-collection authority. Configure it with authorized sources only, avoid placing long-lived secrets in plain config files, review scheduled jobs before enabling them, and direct exports to controlled paths because it can read configured files/databases and write local output files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Behavioral ASTexec() Call, eval() Call, Dynamic Import
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (43)

subprocess module call

Medium

Category: Dangerous Code Execution
Content: def run_command(cmd, cwd=None): """运行命令并返回结果""" print(f"执行: {cmd}") result = subprocess.run(cmd, shell=True, cwd=cwd, capture_output=True, text=True) if result.stdout: print(f"输出: {result.stdout[:500]}...")
Confidence: 95% confidence
Finding: result = subprocess.run(cmd, shell=True, cwd=cwd, capture_output=True, text=True)

subprocess module call

Medium

Category: Dangerous Code Execution
Content: def run_command(cmd, cwd=None): """Run command and return result""" print(f"Execute: {cmd}") result = subprocess.run(cmd, shell=True, cwd=cwd, capture_output=True, text=True, encoding='utf-8', errors='replace') if result.stdout: # Safe print for stdout
Confidence: 93% confidence
Finding: result = subprocess.run(cmd, shell=True, cwd=cwd, capture_output=True, text=True, encoding='utf-8', errors='replace')

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The README promotes a tool that can collect data from websites, APIs, databases, and local files, schedule recurring jobs, and export results to disk, but it provides no guidance on authorization, privacy, data sensitivity, rate limiting, or storage safety. In an agent skill context, this omission increases the chance that users deploy the capability against unauthorized sources or mishandle collected data, leading to privacy, compliance, or local system impact issues.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The usage examples explicitly instruct scraping remote URLs and saving outputs locally, yet they omit warnings about permission, terms-of-service compliance, personal-data collection, and the risk of overwriting or exposing local files. Because READMEs shape real user behavior, these examples normalize potentially unsafe collection and storage practices in a tool designed for automation.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill describes web scraping, API calls, database queries, file reads, exports, and scheduled execution, but does not warn users that these operations may collect, store, and repeatedly process sensitive or regulated data. In a data-harvesting skill, omission of privacy, retention, consent, and scheduling warnings can lead to unsafe deployment and unintentional over-collection or persistence of sensitive information.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The manifest advertises automated data collection, processing, and export across multiple source types including web, API, database, and file, but provides no warning or constraints around handling sensitive data, credentials, or privacy-sensitive material. In a skill explicitly designed for harvesting and exporting data, the lack of user-facing disclosure and guardrails increases the risk of over-collection, misuse of secrets in auth fields, and exfiltration of personal or regulated data.

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The manifest declares web:fetch, web:search, browser:automate, and network:outbound scopes for collecting data but provides no privacy or transmission warning. Because this skill is explicitly a data harvester, the context makes outbound transmission more sensitive: users may not understand what sources are contacted, what data is sent externally, or whether collected content contains sensitive information.

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The manifest declares web:fetch, web:search, browser:automate, and network:outbound scopes for collecting data but provides no privacy or transmission warning. Because this skill is explicitly a data harvester, the context makes outbound transmission more sensitive: users may not understand what sources are contacted, what data is sent externally, or whether collected content contains sensitive information.

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 安装: pip install -r requirements-dev.txt # 测试框架 pytest>=7.0.0 pytest-cov>=4.0.0 pytest-mock>=3.10.0 pytest-asyncio>=0.21.0
Confidence: 88% confidence
Finding: pytest>=7.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 测试框架 pytest>=7.0.0 pytest-cov>=4.0.0 pytest-mock>=3.10.0 pytest-asyncio>=0.21.0
Confidence: 88% confidence
Finding: pytest-cov>=4.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 测试框架 pytest>=7.0.0 pytest-cov>=4.0.0 pytest-mock>=3.10.0 pytest-asyncio>=0.21.0 # 代码质量和风格
Confidence: 88% confidence
Finding: pytest-mock>=3.10.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: pytest>=7.0.0 pytest-cov>=4.0.0 pytest-mock>=3.10.0 pytest-asyncio>=0.21.0 # 代码质量和风格 black>=23.0.0
Confidence: 88% confidence
Finding: pytest-asyncio>=0.21.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: pytest-asyncio>=0.21.0 # 代码质量和风格 black>=23.0.0 flake8>=6.0.0 isort>=5.12.0 mypy>=1.0.0
Confidence: 90% confidence
Finding: black>=23.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 代码质量和风格 black>=23.0.0 flake8>=6.0.0 isort>=5.12.0 mypy>=1.0.0 pre-commit>=3.0.0
Confidence: 87% confidence
Finding: flake8>=6.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 代码质量和风格 black>=23.0.0 flake8>=6.0.0 isort>=5.12.0 mypy>=1.0.0 pre-commit>=3.0.0
Confidence: 87% confidence
Finding: isort>=5.12.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: black>=23.0.0 flake8>=6.0.0 isort>=5.12.0 mypy>=1.0.0 pre-commit>=3.0.0 # 文档生成
Confidence: 87% confidence
Finding: mypy>=1.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: flake8>=6.0.0 isort>=5.12.0 mypy>=1.0.0 pre-commit>=3.0.0 # 文档生成 sphinx>=7.0.0
Confidence: 88% confidence
Finding: pre-commit>=3.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: pre-commit>=3.0.0 # 文档生成 sphinx>=7.0.0 sphinx-rtd-theme>=1.3.0 myst-parser>=2.0.0
Confidence: 87% confidence
Finding: sphinx>=7.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 文档生成 sphinx>=7.0.0 sphinx-rtd-theme>=1.3.0 myst-parser>=2.0.0 # 构建和发布
Confidence: 87% confidence
Finding: sphinx-rtd-theme>=1.3.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 文档生成 sphinx>=7.0.0 sphinx-rtd-theme>=1.3.0 myst-parser>=2.0.0 # 构建和发布 build>=0.10.0
Confidence: 87% confidence
Finding: myst-parser>=2.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: myst-parser>=2.0.0 # 构建和发布 build>=0.10.0 twine>=4.0.0 wheel>=0.40.0
Confidence: 88% confidence
Finding: build>=0.10.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 构建和发布 build>=0.10.0 twine>=4.0.0 wheel>=0.40.0 # 其他开发工具
Confidence: 88% confidence
Finding: twine>=4.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 构建和发布 build>=0.10.0 twine>=4.0.0 wheel>=0.40.0 # 其他开发工具 ipython>=8.15.0
Confidence: 90% confidence
Finding: wheel>=0.40.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: wheel>=0.40.0 # 其他开发工具 ipython>=8.15.0 jupyter>=1.0.0 autopep8>=2.0.0 bandit>=1.7.0 # 安全扫描
Confidence: 92% confidence
Finding: ipython>=8.15.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 其他开发工具 ipython>=8.15.0 jupyter>=1.0.0 autopep8>=2.0.0 bandit>=1.7.0 # 安全扫描
Confidence: 88% confidence
Finding: jupyter>=1.0.0

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal