Back to skill

Security audit

OpenClaw Gemini Web

Security checks across malware telemetry and agentic risk

Overview

This skill openly automates Gemini in a managed browser and includes disclosed TOTP login support, so the main risk is careful handling of Gemini credentials rather than hidden behavior.

Install only if you are comfortable letting the agent operate a Gemini web session and, when explicitly needed, use Gemini login credentials or a TOTP seed. Prefer the managed OpenClaw browser profile, avoid command-line secrets when possible, use Gemini-specific GEMINI_WEB_* variables, and do not point the JSON-file option at unrelated secret stores.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
This file implements a standalone TOTP generator that can ingest authentication secrets from environment variables or local JSON files, enabling the skill to handle MFA material unrelated to its declared Gemini web interaction purpose. In the context of an agent skill, this expands capability into credential processing and could be used to facilitate account access, session continuation, or exfiltration of 2FA secrets if invoked inappropriately.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
Accepting TOTP secrets directly via command-line flags is dangerous because command-line arguments are commonly exposed through shell history, process listings, job control logs, and telemetry. Since these are authentication secrets, accidental disclosure can allow generation of valid one-time codes and weaken account protection.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.