gold-market
Security checks across malware telemetry and agentic risk
Overview
The available evidence shows a disclosed, purpose-aligned OpenClaw/ClawHub skill or tooling artifact with no confirmed malicious or materially suspicious behavior.
Before installing, confirm you trust the publisher and only run publish, update, moderation, or authenticated registry commands when you intend those account or remote changes. Treat any local auth/config files and service credentials used by the tooling as sensitive.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.