Openclaw Skill Observability

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow observability helper, but its error tool can show sensitive local OpenClaw log and session details to whoever invokes it.

Install this only where the caller or chat is trusted to view local OpenClaw operational telemetry. Review output before forwarding it, because raw log lines and failed-session summaries may reveal paths, stack traces, session titles, identifiers, usage amounts, or other sensitive details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill reads user service logs with `journalctl --user -u openclaw-gateway -n 100 --no-pager` and returns filtered log lines directly. System and service logs often contain sensitive operational details, identifiers, prompts, stack traces, paths, or secrets, so exposing them through a skill increases information disclosure risk even without command injection.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill accesses `journalctl` and surfaces recent error and warning lines without any user-facing warning or consent flow. Because logs can contain sensitive data and operational context, undisclosed collection and exposure of raw log content creates a meaningful privacy and information-leak risk.

VirusTotal

66/66 vendors flagged this skill as clean.
