Back to skill

Security audit

OpenClaw Vulnerability Checker

Security checks across malware telemetry and agentic risk

Overview

This is a coherent OpenClaw security-audit helper, with local inspection and optional online lookups that match its stated purpose.

Install this only if you want an agent to audit your OpenClaw version and exposure. Let it run read-only checks first, review port/process/firewall output before sharing it, and explicitly approve any config.patch, restart, update, firewall, or sudo action. Avoid pasting broad GitHub Personal Access Tokens into chat; prefer public advisories or a fine-grained read-only token if private advisory access is truly needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
73% confidence
Finding
The automatic trigger is broad enough to activate on general security-related queries, which can cause the skill to run shell/network inspection behavior in situations where the user did not specifically request system interrogation. In a security-audit skill, over-broad triggering increases the chance of unintended local enumeration and external lookups.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.