openclaw-collab

Security checks across malware telemetry and agentic risk

Overview

This is a coherent collaboration helper, but it gives another agent broad persistent memory access and delegated publishing authority without enough scoping or approval guidance.

Install only if you intentionally want Hermes and OpenClaw to share persistent workspace state and delegate work. Inspect the referenced local scripts first, restrict writes to a dedicated collaboration folder, and require explicit human approval before publishing to ClawHub or sending tasks that can change accounts, files, or public content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill explicitly recommends direct writes into a shared OpenClaw workspace and collaboration memory without guardrails about authorization, integrity, or side effects. In a multi-agent/shared-state environment, this can cause unintended task triggering, memory poisoning, or corruption of another agent's working context.

Missing User Warnings

Medium
Confidence: 91%
Finding
The publishing workflow instructs sending a local skill to an external service (clawhub.ai) and includes commands that may disclose code, metadata, and potentially embedded secrets, but gives no privacy, review, or approval warning. This creates a real exfiltration risk if sensitive files, proprietary logic, or credentials are present in the skill directory.

VirusTotal

63/63 vendors flagged this skill as clean.
