audit-exec

Security checks across malware telemetry and agentic risk

Overview

This is a local command-history audit skill, but it reads sensitive transcripts by default and its whitelist can cause risky commands to be reported as OK.

Install only if you are comfortable with a local script reading and printing OpenClaw command history. Use an explicit transcript path when possible, avoid sharing reports without reviewing them for secrets, and tighten the whitelist before relying on the audit results.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger phrase “执行审计” is very broad and overlaps with ordinary user language, so the skill may activate unintentionally during unrelated conversations. Because this skill audits transcripts and inspects execution history, accidental invocation can expose command history or cause unintended processing of sensitive session data.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script automatically reads the latest transcript from a hard-coded OpenClaw sessions directory, which may contain sensitive command history, paths, arguments, and secrets. Because this access happens by default and without explicit user consent or a warning, operators can unintentionally expose private operational data when running the skill or sharing its output.

VirusTotal

6/65 vendors flagged this skill as malicious, and 59/65 flagged it as clean.

View on VirusTotal