Add NewCLI Provider (Claude/GPT/Gemini)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real OpenClaw provider setup guide, but it can reroute model traffic through a third-party proxy and handles API keys with weak scoping and safety guidance.

Install only if you intentionally want OpenClaw traffic to use NewCLI/code.newcli.com. Review the provider and fallback edits before applying them, avoid putting raw API keys into shell history or shared logs, restrict permissions on the OpenClaw config file, and confirm that your organization allows prompts, code, and metadata to pass through this third-party proxy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Low (98% confidence)
Finding
The skill includes an affiliate/referral link unrelated to the technical task of configuring providers. While not a direct code-execution issue, it introduces self-interested, non-essential content into an administrative workflow and can bias operators toward an external service without a neutral procurement or trust review.

Vague Triggers

Medium (84% confidence)
Finding
The trigger phrases are broad and include generic admin requests like adding Claude or GPT, which can cause the skill to activate in contexts where the user did not specifically intend to configure this third-party provider. In a skill that introduces external endpoints and API-key-based configuration, unintended invocation increases the risk of accidental provider changes, misconfiguration, or steering users toward a referral-backed service.

Missing User Warnings

Medium (88% confidence)
Finding
The README promotes use of a third-party API key and external proxy service but does not warn users how to handle credentials safely, where to store them, or to avoid pasting secrets into chat/logged contexts. In this skill context, that omission is more dangerous because the skill is specifically designed to configure external model providers, making secret exposure and trust mistakes materially more likely.

Vague Triggers

Medium (87% confidence)
Finding
The trigger phrases are broad and overlap with common requests such as adding Claude, GPT, or configuring a provider, which can cause the skill to activate in contexts beyond its intended scope. In an agent system, ambiguous invocation boundaries increase the chance of unintended configuration changes, especially when the skill instructs edits to persistent model and fallback settings.

Missing User Warnings

Medium (94% confidence)
Finding
The skill tells the user to place a live API key into configuration and use it in curl requests to third-party endpoints, but it does not prominently warn about secret handling, storage permissions, shell history leakage, or organizational approval of the external service. This creates a realistic risk of credential exposure and unauthorized outbound use of sensitive prompts or metadata.

VirusTotal

64/64 vendors flagged this skill as clean.
