Openclaw Self Healing Elvatis

Security checks across malware telemetry and agentic risk

Overview

This self-healing skill is coherent and not malicious, but it has high-impact automatic repair powers and can send unsanitized failure details to GitHub when optional cron or plugin repair is enabled.

Install only if you want an autonomous self-healing service that can change OpenClaw session and gateway state. Keep disableFailingCrons and disableFailingPlugins off unless you accept automatic service disablement and GitHub issue creation; use dryRun first, set issueRepo to a trusted/private repository, and assume error text may include sensitive paths, tokens, or business details until the skill adds redaction and separate approval controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Low (88% confidence)
Finding
The skill advertises automatic recovery of disconnects and other session failures, but it does not clearly warn users that it may change session state or perform recovery actions on their behalf. In an agent/plugin context, undisclosed automatic state changes can surprise operators, mask root causes, or trigger unintended reconnection behavior, even if the feature is intended to improve reliability.

Missing User Warnings

High (90% confidence)
Finding
The plugin can automatically disable cron jobs and create GitHub issues containing job names, identifiers, and error output, all triggered by observed runtime state rather than explicit operator approval at the time of action. In environments where cron metadata or errors may contain secrets or business-sensitive details, this creates a real risk of unauthorized service disruption and unintended data disclosure to an external repository.

Missing User Warnings

High (92% confidence)
Finding
The plugin automatically disables other plugins and sends plugin metadata and error details to GitHub, which can expose sensitive internal information and cause unreviewed availability impact. Because plugin errors may include secrets, stack traces, paths, or tokens, and the destination repo is configurable, this behavior can lead to real confidentiality and operational damage if misconfigured or abused.

VirusTotal

No VirusTotal findings
