@openclaw/orchestration

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate local task-queue skill, with ordinary shared-state and logging cautions but no evidence of hidden malicious behavior.

Install this only in a workspace where the local agents and sibling interchange code are trusted. Avoid putting secrets in task descriptions, result summaries, or failure reasons because they may be stored in SQLite and regenerated into Markdown files. Treat restore as a destructive local database replacement and keep separate backups before using it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence: 88%
Finding
The code persists the raw failure reason directly into the `handoff_log` action field, which can capture sensitive data, internal errors, file paths, tokens, or user-provided content without any minimization or disclosure. While this is not an injection issue because parameterized queries are used, it is still a privacy and information-exposure risk if logs are later viewed by operators, other agents, or exported.

VirusTotal

66/66 vendors flagged this skill as clean.
