Back to skill

Security audit

Windows Api Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a local OpenClaw API usage monitor that reads local usage logs and writes local reports, with no evidence of hidden exfiltration, destructive behavior, or automatic privileged execution.

Install only if you are comfortable with the skill reading local OpenClaw usage logs and creating local report/state files. Keep generated reports private, review any custom output path before sharing results, and only run continuous monitoring or scheduled-task examples when you intentionally want ongoing checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documentation advertises continuous monitoring and log cleanup capabilities but does not clearly warn users that it may perform ongoing access to usage/log data or delete historical logs. In a monitoring skill, this omission is risky because users may enable persistent data collection or destructive cleanup without understanding privacy and retention consequences.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.