Back to skill

Security audit

Warp Oz

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Warp Oz cloud-agent integration; it uses a Warp API key to start, monitor, chain, and schedule remote coding agents, with no evidence of hidden or deceptive behavior.

Install this only if you intend OpenClaw to operate Warp Oz cloud agents for your account. Use a dedicated or least-privileged Warp API key where possible, avoid putting secrets in prompts, verify environment IDs and cron schedules before running commands, and periodically review active Warp schedules and generated PRs or artifacts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill describes dispatching cloud agents and mentions cloned repositories and PR-oriented workflows, but it does not present a prominent user warning that remote agents can act on repository contents and may create PRs or other remote side effects. In this context, missing disclosure is risky because users may treat it like a local advisory tool rather than a remote automation system capable of changing code and repository state.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The schedule commands are presented as ordinary commands without a clear warning that they create persistent automated executions that continue until paused or deleted. That can lead to unintended recurring remote runs, repeated API usage, surprise changes, and cost or operational impact if a user assumes the action is one-shot.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The orchestrator sends the full task prompt and prior stage context to a remote cloud API, including status summaries and session links, without any built-in consent, redaction, or warning at the point of transmission. In a multi-agent coding pipeline, this can unintentionally disclose proprietary code, internal URLs, security findings, or sensitive business context to an external service.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.