OpenClaw Security Guide (by huamu668)

Security checks across malware telemetry and agentic risk

Overview

This is a security guide, but it recommends persistent automation that can scan sensitive areas and automatically push credentials, identity data, and OpenClaw state to a remote Git repository.

Treat this as a guide to review manually, not as something to apply automatically. Before installing or following it, verify the upstream source, approve each privileged command, do not commit credentials or identity files to git unless encrypted and intentionally chosen, and make sure any nightly cron job and reporting channel can be reviewed, disabled, and cleaned up.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The trigger list includes very broad phrases such as 'security audit', 'openclaw security', and '高危操作', which can cause this high-privilege skill to activate in contexts far outside its intended scope. In a root-capable agent environment, overbroad activation increases the chance that sensitive inspection, backup, or system-modifying guidance is applied when not explicitly requested.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The skill recommends automatic git commit and push of highly sensitive OpenClaw state, including configuration, credentials-related directories, identity material, and paired device state, to a remote repository. Even if the repository is described as private, this creates a significant exfiltration and privacy risk because secrets, auth artifacts, and operational metadata may be uploaded off-host without explicit per-item review or strong secret exclusion.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill instructs reading the gateway process environment and enumerating variable names containing KEY/TOKEN/SECRET/PASSWORD. Even with value masking, accessing process environments can expose sensitive operational context, confirm the presence of privileged secrets, and normalize secret inspection without explicit user consent.

VirusTotal

58/58 vendors flagged this skill as clean.