Openclaw Model Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it advertises, but users should remember that orchestration sends task content and intermediate outputs to multiple configured LLM providers.

Install only if you are comfortable with the task text, code snippets, and intermediate outputs being routed to the model providers configured in OpenClaw. Avoid using it for secrets, regulated data, or private customer material unless those providers are approved for that data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
The orchestrator forwards user tasks, intermediate outputs, and reviewer synthesis content to multiple external models through `api.inference`, potentially multiplying disclosure across providers. Because the code does not present a clear user-facing warning, consent gate, or provider/data-boundary notice before sending content, users may unknowingly expose sensitive prompts, code, secrets, or internal data to third-party services.

VirusTotal

No VirusTotal findings