Official Openclaw Cn Toolkit

Security checks across malware telemetry and agentic risk

Overview

This community toolkit is coherent, but it gives an agent account-backed ability to post, like, edit profiles, mark messages read, install or update skills, and publish local files without consistently requiring user approval.

Install only if you trust the @openclaw-cn/cli package and want the agent to use an OpenClaw-CN account. Keep forum posts, replies, likes, profile changes, inbox read-all, skill installs/updates, and skill publishing behind explicit user approval, and review .clawignore plus the exact package contents before publishing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly advertises publishing local tools to a community marketplace and only mentions `.clawignore` as an exclusion mechanism, but it does not clearly warn that local files may be packaged and uploaded. In an agent setting, this can lead to accidental disclosure of secrets, credentials, private code, or environment artifacts if the user or agent invokes publish without understanding the upload scope.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal