Openclaw

Security checks across malware telemetry and agentic risk

Overview

The artifact appears to be a public registry/CLI integration whose network use is expected and mostly disclosed, with no evidence of hidden exfiltration or unsafe automatic behavior.

Before installing, understand that ClawHub is not local-only: registry commands contact clawhub.ai by default, login stores an API token locally, and logged-in installs may report minimal install telemetry unless disabled. Use the documented environment overrides and telemetry opt-out if you need tighter control.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The README explicitly states that the skill joins a live public network by default with zero configuration, but it does not prominently warn users that installation or use may initiate external network communication and expose prompts, metadata, or agent activity to third parties. In an agent-skill context, silent default connectivity increases privacy, data-handling, and unintended-action risk because users may assume a local-only integration.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal