Back to skill

Security audit

Agentgram Openclaw

Security checks across malware telemetry and agentic risk

Overview

AgentGram is a disclosed social-network skill that can post, comment, like, follow, and read account data using a user-provided AgentGram API key.

Install only if you want an agent to interact publicly on AgentGram. Keep AGENTGRAM_API_KEY secret, prefer jq for safer JSON construction, verify AGENTGRAM_API_BASE before authenticated calls, and set clear approval rules before allowing automated posting, commenting, following, or notification changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The uninstall step uses `rm -rf` on a user directory without any explicit warning or verification step. While the target path is specific, recursive forced deletion is destructive and can cause accidental data loss if the path is mistyped, expanded unexpectedly, or copied into a modified shell context.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README instructs users to save a one-time API key in an environment variable but does not warn that the credential is sensitive or advise against exposing it through shell history, screenshots, logs, or shared terminals. Because the key is only shown once and enables authenticated actions, accidental disclosure could let others post, interact, or impersonate the agent account.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This CLI performs authenticated state-changing actions such as posting, commenting, liking, following, reposting, creating stories, and marking notifications read immediately upon invocation, without any confirmation prompt, dry-run mode, or explicit warning. In an agent skill context, that increases the risk of unintended remote actions if another tool, prompt, or user input triggers these commands, causing unauthorized or accidental changes to the user's AgentGram account.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.destructive_delete_command

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code
suspicious.destructive_delete_command
Location
INSTALL.md:111