Security audit

OpenClaw Deploy Guide

Security checks across malware telemetry and agentic risk

Overview

This deployment guide is purpose-aligned, but it repeatedly encourages high-impact installation shortcuts that run unverified remote code and weaken platform protections.

Review this carefully before installing. Prefer the signed DMG/EXE/package paths only after verifying publisher provenance and checksums where available, avoid the curl|bash, curl|sh, and iwr|iex commands, pin Docker images by digest, and lock down ~/.nexusbot/config.yaml permissions if you store API keys there.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (18)

Context-Inappropriate Capability

High

Confidence: 97% confidence
Finding: The configuration wizard fetches and executes a remote script from ollama.com using curl-pipe-sh, which gives that remote content immediate shell execution on the user's system. In an installer context this is especially risky because users expect setup steps and may not realize they are granting arbitrary code execution to a third party without verification or explicit consent.

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The guide explicitly tells users how to bypass platform trust protections for an unsigned or unverified macOS app. While this may be common troubleshooting advice, it weakens Gatekeeper-style safeguards and trains users to ignore provenance warnings, increasing the chance of running tampered binaries.

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: The skill recommends piping a remotely fetched script directly into bash, which executes unreviewed network content immediately. If the source repository, transport path, or account is compromised, users can be subjected to arbitrary code execution during installation.

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: The Windows instructions use `iwr ... | iex`, which executes remote PowerShell content in memory without review. This creates a direct arbitrary code execution path if the upstream script or distribution channel is modified or hijacked.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The troubleshooting section recommends removing the macOS quarantine attribute, which disables an OS security control designed to warn about untrusted downloads. This makes it easier for users to run potentially unsafe software without normal platform checks.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The README instructs users to pipe a remotely fetched shell script directly into bash, which executes unreviewed code immediately on the host. In a deployment guide, users are likely to copy-paste quick-start commands, so a compromised upstream repository, MITM of a non-pinned dependency chain, or malicious script update could lead to arbitrary code execution.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The PowerShell command downloads remote content and immediately executes it with iex, which is equivalent to arbitrary remote code execution on the user's machine. Because this is presented as a recommended installation path in a cross-platform deployment guide, it materially increases the chance that users will execute untrusted or later-compromised code without review.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: This Linux quick-start again uses curl piped to bash, causing immediate execution of remote installer code with no review or integrity verification. In deployment documentation, this context makes the issue more dangerous because administrators may run it on servers or production systems, magnifying the impact of compromise.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The script prompts for API keys and writes them directly into $HOME/.nexusbot/config.yaml without warning the user that credentials will be stored locally in plaintext. This can lead to inadvertent credential exposure through weak file permissions, backups, shell observation, or shared-user environments.

Missing User Warnings

High

Confidence: 98% confidence
Finding: Executing a remote installation script via curl-pipe-sh without an explicit warning or confirmation allows arbitrary upstream code to run immediately on the host. If the remote server, CDN, or distribution path is compromised, the installer becomes a direct delivery mechanism for malicious code.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The skill tells users to execute a remote install script via pipe-to-shell and does so without any warning about script trust, review, or integrity verification. The absence of warning increases the likelihood that users will run arbitrary code blindly.

Missing User Warnings

High

Confidence: 99% confidence
Finding: Using `iex` on remote PowerShell content without a safety warning normalizes dangerous execution behavior and removes opportunities for user review. A compromised upstream script would run immediately with the user's privileges.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The Linux instructions again use `curl ... | bash` with no trust or verification guidance. This creates a straightforward remote code execution risk and is especially concerning in a deployment guide where users may run commands with elevated privileges nearby.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The Ollama installation command executes a remote script directly without any warning about the risks of trusting live network content. This unnecessarily exposes users to arbitrary code execution from a third-party endpoint.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The guide advises disabling macOS quarantine without explaining the trust implications or requiring verification steps. Users may interpret this as routine, weakening protection against malicious or trojanized app bundles.

External Script Fetching

Low

Category: Supply Chain
Content: sudo dpkg -i nexusbot_amd64.deb # 或一键脚本 curl -fsSL https://raw.githubusercontent.com/Markovmodcn/openclaw-china/main/scripts/install.sh | bash # 或 Docker docker run -d -p 3000:3000 markovmodcn/nexusbot:latest
Confidence: 96% confidence
Finding: curl -fsSL https://raw.githubusercontent.com/Markovmodcn/openclaw-china/main/scripts/install.sh | bash

Chaining Abuse

High

Category: Tool Misuse
Content: # 双击安装 # 方法 2：脚本安装 curl -fsSL https://raw.githubusercontent.com/Markovmodcn/openclaw-china/main/scripts/install.sh | bash ``` ### Windows
Confidence: 99% confidence
Finding: | bash

Chaining Abuse

High

Category: Tool Misuse
Content: sudo dpkg -i nexusbot_amd64.deb # 或一键脚本 curl -fsSL https://raw.githubusercontent.com/Markovmodcn/openclaw-china/main/scripts/install.sh | bash # 或 Docker docker run -d -p 3000:3000 markovmodcn/nexusbot:latest
Confidence: 99% confidence
Finding: | bash

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal