Manage OpenClaw's use of models available at wisgate.ai API

Security checks across malware telemetry and agentic risk

Overview

This is a focused Wisgate model-management skill, with disclosed config edits and Firecrawl credential use that users should approve carefully.

Install this only if you want an agent to help manage Wisgate model entries. Ask to review changes to openclaw.json and MODELS.json before they are written, and only allow the Firecrawl fallback if you trust the separate Firecrawl script and are comfortable using the API key stored in TOOLS.md.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill instructs use of a credentialed Firecrawl call and tells the agent where to find the API key, but it does not include any warning to avoid revealing, logging, or mishandling that secret. In an agent setting, this increases the chance of accidental secret exposure through command history, output, or transmission to unintended contexts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal