Security audit
OpenClaw Anything (efrageek fork)
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed OpenClaw CLI wrapper that exposes powerful OpenClaw operations, but the risky behavior is documented, user-directed, and partially gated rather than hidden.
Install only if you trust the OpenClaw CLI already on your PATH, because this skill delegates meaningful power to that binary. Keep OPENCLAW_WRAPPER_ALLOW_RISKY unset unless you intentionally need plugin changes, cron automation, browser control, or device pairing, and avoid giving autonomous agents blanket permission to run these commands unattended.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.
