OpenClaw Encyclopedia

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed OpenClaw documentation helper that fetches official docs and keeps a local workspace cache, with no evidence of hidden or destructive behavior.

Reasonable to install for OpenClaw-specific work. Be aware it may create .OpenClaw-Encyclopedia, fetch pages from docs.openclaw.ai, and preserve local operational notes; review those notes before sharing a workspace and do not store secrets or sensitive access details there.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 96% confidence
Finding: The skill instructs the agent to perform network access to docs.openclaw.ai and to write fetched content and notes into a local workspace, but it declares no permissions. That creates a capability/consent mismatch: a user or platform may believe the skill is advisory-only while it can actually modify local files and initiate outbound requests, which increases the risk of unexpected data persistence, policy bypass, or unsafe use in restricted environments.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 91% confidence
Finding: The description presents the skill as documentation-first guidance and troubleshooting, but the body also directs the agent to fetch remote content, parse and cache it locally, and initialize or repair workspace directories. This behavioral mismatch is dangerous because it hides operational side effects behind a seemingly informational skill, making users less likely to expect network egress or filesystem changes and increasing the chance of misuse in sensitive environments.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal