
Security audit

OpenClaw Collaboration

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed OpenClaw collaboration guide with powerful operational examples, but no hidden code or deceptive behavior was found.

Install only in a trusted OpenClaw environment. Treat it as an operations guide, not a read-only helper: require explicit approval before memory writes, configuration edits, service restarts, delegated agent tasks, or Feishu/message delivery.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill’s manifest and top-level framing understate the actual capabilities described later in the document, including configuration modification, service restart procedures, and external message delivery. This mismatch can cause operators or downstream systems to grant broader trust or permissions than intended, increasing the risk of unsafe execution in a system-level context.

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The section labels the mode as read-only, but then instructs Hermes to perform writes to memory files. That contradiction can bypass user expectations, policy checks, or automation relying on the read-only label, leading to unintended file modification and possible corruption of shared state.

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.