Back to skill

Security audit

OpenClaw Model Provider

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only OpenClaw configuration helper, but users should keep real API keys out of chat and shared config files.

Install only if you are comfortable editing OpenClaw model configuration. Do not paste production API keys into chat; set keys locally through environment variables or a secret manager and use placeholders in generated config. Review changes to ~/.openclaw/openclaw.json, keep the backup, and remember that any configured provider may receive future OpenClaw prompts and context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs the assistant to ask the user for an API key and then presents examples that place secrets into shell startup files or configuration. This creates a clear pattern of collecting and handling credentials in conversation without warning users not to paste secrets into chat or explaining safer alternatives, increasing the chance of credential exposure through logs, transcripts, screenshots, or shared config files.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The example shows an actual API key value being placed in the `env` section of the configuration file, which can normalize storing secrets in plaintext config files. In the context of a model-provider configuration skill, users are specifically being guided to handle provider credentials, so insecure examples materially increase the chance of accidental secret exposure via source control, backups, logs, or shared config files.

Ssd 3

Medium
Confidence
98% confidence
Finding
The workflow directs the assistant to collect the user's API key as a normal conversational step. In an agent setting, this is dangerous because it normalizes secret disclosure into chat history and can lead to credential leakage to logs, telemetry, support exports, or other downstream systems that process conversation content.

Ssd 3

Medium
Confidence
97% confidence
Finding
The example workflow reinforces the unsafe pattern by explicitly stating that the user should provide their key. Repetition in examples matters because examples are often copied verbatim by assistants and users, making secret collection more likely in practice.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.