OpenClaw Sacred Rules

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended for OpenClaw recovery, but it handles authentication and session state in ways that are under-scoped and could break or alter the wrong local profile.

Install only if you are comfortable letting the skill work with OpenClaw auth, .env, and session files. Before running any repair script, inspect the target paths, make a verified private backup, ensure backup permissions are restrictive, and do not run reset_cooldowns.sh until the hardcoded /Users/admin path is fixed to use the intended $HOME auth file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 90%
Finding:
The document provides direct destructive modification instructions for auth-profiles.json without requiring backup verification, confirmation, or warning about loss of auth state. In an agent skill context, such guidance can cause irreversible corruption or credential-related service outages if followed automatically or carelessly.

Missing User Warnings

Low
Confidence: 82%
Finding:
The instructions tell the operator to archive or rename session files without explaining the effect on user data, active sessions, or forensic value. In practice this can destroy continuity, disrupt users, or conceal evidence during incident response if performed prematurely.

Missing User Warnings

Medium
Confidence: 91%
Finding:
Sourcing $HOME/.openclaw/.env executes shell syntax from a secrets file in the current shell context, which is risky if the file is malformed, tampered with, or contains unexpected commands. It also loads sensitive credentials into the script environment without an explicit warning or minimization of exposure, increasing the blast radius if downstream commands or debugging leak environment variables.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The shell script validates and backs up the auth file using $HOME, but the embedded Python ignores that variable and instead writes to a hard-coded path '/Users/admin/.openclaw/...'. This can cause the script to modify a different account's authentication state than the one the operator intended, leading to unauthorized tampering, broken backups, or inconsistent state between the checked file and the file actually changed.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The script copies secret-bearing files such as `.env` and auth profile data into a new backup directory under the user's home directory without warning about the sensitivity of that data or tightening permissions on the destination. This increases secret exposure risk if the backup location is synced, broadly readable, accidentally shared, or left behind longer than intended.

VirusTotal

66/66 vendors flagged this skill as clean.
