Oauth Disguise
Security checks across malware telemetry and agentic risk
Overview
This instruction-only skill is not hidden or executable, but it teaches users to repurpose sensitive Anthropic OAuth tokens as persistent OpenClaw API credentials.
Install only if you deliberately intend to configure Anthropic OAuth or subscription tokens this way and understand the account, policy, and exposure risks. Prefer officially supported API keys where possible, avoid pasting real tokens into shared shell history or committed config, use per-agent scope instead of global defaults when feasible, and rotate or revoke any token that may have been exposed.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.