Back to skill

Security audit

Openclaw Workspace Pro

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent workspace setup helper, but users should review its persistent agent instructions and avoid copy-pasting its uninstall commands blindly.

Before installing, review the AGENTS.md and TOOLS.md additions and remove any pre-approved domains your agents should not access without confirmation. Keep backups of existing workspace files, verify or supply the missing .env and .gitignore template files, and do not run the documented uninstall commands unless you are in the intended workspace and have backed up artifacts, archives, and configuration you want to keep.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README documents destructive uninstall commands such as `rm -rf artifacts/ memory/archive/` and `rm .env .gitignore MEMORY-COMPACTION.md` without an explicit warning, confirmation step, or guidance to back up user data first. In an agent/workspace setup skill, users may copy-paste these commands directly, causing loss of generated artifacts, archived memory, or secrets configuration.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The uninstall section documents destructive file deletion commands, including `rm -rf` and removal of `.env`, while labeling them as 'safe, preserves your data'. That framing is misleading because these commands permanently delete local files in the workspace and can cause data loss if run from the wrong directory or if users stored important secrets or archives there.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document explicitly instructs deletion of daily logs older than 30 days after archival, but it does not require a user confirmation step, recovery mechanism, or prominent warning about irreversible data loss. In a workspace-automation skill, this guidance could be operationalized by an agent or user as routine maintenance, causing unintended destruction of potentially important records if archival is incomplete, incorrect, or later found insufficient.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
### Network Security - Approved Domains
**Only access these domains without asking first:**
- `*.googleapis.com`, `oauth2.googleapis.com` (Google APIs)
- `api.brave.com` (search)
- `api.telegram.org` (messaging)
Confidence
91% confidence
Finding
without asking

Tool Parameter Abuse

High
Category
Tool Misuse
Content
```bash
# Remove added files (safe, preserves your data)
rm -rf artifacts/ memory/archive/
rm .env .gitignore MEMORY-COMPACTION.md

# Restore AGENTS.md, TOOLS.md from backup
Confidence
96% confidence
Finding
rm -rf artifacts/ memory/archive/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.