Back to skill

Security audit

中文 OpenClaw 插件

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only OpenClaw plugin guide whose prompt-modifying hook behavior is sensitive but disclosed and aligned with its purpose.

Install this only if you intend to build or manage OpenClaw plugins. Review generated hook JavaScript before enabling it, because enabled hooks can keep changing future prompt construction until disabled or removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrase "modify gateway" is ambiguous and could match requests involving unrelated gateways, infrastructure, or network components. In this skill's context, activation exposes instructions for altering a hook/plugin system that can inject context or modify messages before prompt construction, increasing the chance of unintended or unsafe changes.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrase "modify gateway" is ambiguous and could match requests involving unrelated gateways, infrastructure, or network components. In this skill's context, activation exposes instructions for altering a hook/plugin system that can inject context or modify messages before prompt construction, increasing the chance of unintended or unsafe changes.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill provides step-by-step instructions and code for a before_prompt_build hook that can overwrite system messages and alter user message content, but it omits warnings about prompt integrity, trust boundaries, persistence, and downstream security impact. This is dangerous because such hooks operate at a highly privileged interception point and can be used to silently inject instructions, manipulate model behavior, or alter user intent before the prompt is sent.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.