OpenClaw Exec Permission

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill explains how to persistently disable OpenClaw command restrictions and approvals, so users should review it carefully before following it.

Install only if you intentionally want administrative guidance for OpenClaw exec safeguards. Do not follow the full/off example on shared, production, or sensitive machines; prefer allowlist with approvals, and make a clear rollback plan before changing protected exec settings.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: This skill gives concrete instructions to directly edit protected configuration and set `tools.exec.security='full'` and `tools.exec.ask='off'`, which disables both execution restrictions and approval gates. In an agent skill context, that materially lowers the barrier to unrestricted command execution and privilege abuse, and the skill does not provide prominent risk framing, least-privilege guidance, or compensating controls around when this is acceptable.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal