Security audit

Safe Config Modifier

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent OpenClaw config editor, but its promised secret-masking is unreliable for sensitive config files.

Review before installing. Use only in trusted sessions, supply explicit file paths rather than relying on defaults, verify any preview output yourself before sharing it, and do not rely on the bundled masking scripts until they are fixed. Confirm that backups exist, and remember backups may contain full secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Natural-Language Policy Violations

Medium (85% confidence)
Finding
Requiring one exact Chinese phrase for confirmation without prior user opt-in can cause unsafe workflow failures: users may believe they approved a change while the skill silently refuses, or agents may pressure users into a rigid phrasing pattern. This is not a direct code-execution issue, but it creates consent ambiguity and brittle human-in-the-loop controls in a security-sensitive configuration workflow.

Ssd 2

Low (86% confidence)
Finding
Using a novel hard-coded confirmation phrase such as '只认 ojbk可以改了' creates a brittle consent mechanism that can confuse users, normalize nonstandard approval patterns, and be socially engineered by a malicious workflow or prompt. In a skill that edits a sensitive configuration file, weak or unusual confirmation semantics increase the chance of unauthorized or misunderstood changes being accepted.

VirusTotal

64/64 vendors flagged this skill as clean.