OpenClaw Multi-Agent HQ Builder

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation-oriented builder for OpenClaw multi-agent workspaces, with no evidence of hidden code, credential access, network transfer, or destructive behavior.

Install it in a scoped workspace and review any generated bot profiles, dispatcher rules, task cards, blackboard entries, and upgrade logs before relying on them. Do not put secrets or unverified instructions into shared persistent files, because future agents may treat them as operating context.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill description is broadly scoped and includes generic triggers like building multi-agent organizations, dispatch systems, shared blackboards, and reusable workflows. This can cause the skill to activate for loosely related requests, leading an agent to over-apply complex orchestration behavior or generate expansive file/system changes beyond the user's actual intent.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal