OpenClaw Docs Search + Config Patterns

Security checks across malware telemetry and agentic risk

Overview

This is a coherent offline OpenClaw documentation search skill, though some included troubleshooting examples can overwrite configs or delete old sessions if followed carelessly.

Reasonable to install for offline OpenClaw docs search. Use OpenClaw-specific trigger phrases, and before following restore or cleanup snippets, make a fresh backup, review diffs, and confirm retention requirements rather than copying commands blindly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger phrase "how do I configure" is very broad and can match many ordinary user requests that are not specifically about OpenClaw. In an agent skill system, this can cause the skill to activate unexpectedly, altering workflow or routing user requests into this skill when unrelated tasks were intended.

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The session cleanup automation recommends deleting old isolated sessions without any warning about retention, auditability, or accidental loss of useful prior context. In an operations or troubleshooting environment, this can destroy historical evidence, reduce forensic visibility, and remove data users may expect to persist.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The document instructs users to copy a backup file over the active OpenClaw configuration, which is a destructive overwrite operation, but it does not explicitly warn that any newer changes in the current config will be lost. In a troubleshooting skill that users may follow verbatim under pressure, omission of that warning increases the chance of accidental rollback and service misconfiguration.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: This second restore workflow also overwrites the live configuration with a backup file without an explicit warning about losing current state. Because the section is framed as a quick recovery path, users are likely to execute it directly, making accidental rollback of valid but uncommitted changes more likely.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal