ClawHub
Back to skill

Security audit

exec-approvals

Security checks across malware telemetry and agentic risk

Overview

This skill is a high-risk configuration guide that can make agents able to run powerful host commands and bypass command-safety checks.

Install only if you intentionally need to administer OpenClaw exec permissions and understand that these settings can let agents run arbitrary host commands. Prefer specific provider user IDs, avoid wildcard allowlists, avoid patching runtime safety checks, keep changes temporary, and verify rollback steps before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This section provides direct steps to enable elevated host command execution, including a wildcard allowlist for Telegram, before presenting any strong warning or compensating controls. In practice, this expands remote code execution capability to privileged host actions and can let any allowed provider identity run arbitrary system commands if the account or chat channel is compromised.

Missing User Warnings

High
Confidence
98% confidence
Finding
This section instructs users to disable the obfuscation check and, if unsupported, to patch the runtime so the detection function always reports no obfuscation. That removes a security safeguard specifically designed to catch concealed or generated payloads, making it much easier for malicious or compromised agents to execute dangerous commands without detection.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.