Back to skill

Security audit

Openclaw Guardian

Security checks across malware telemetry and agentic risk

Overview

This watchdog skill is not clearly malicious, but it needs review because it describes an unattended background repair process that can hard-reset a workspace without enough user-control or data-loss safeguards.

Install only if you are comfortable with an always-on watchdog modifying the OpenClaw workspace. Before enabling rollback, commit or back up important work, verify the actual guardian script and its reset target, disable or gate `git reset --hard` unless explicitly needed, and treat Discord alerts as data leaving your local environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents an automated repair ladder that includes `openclaw doctor --fix` and `git reset --hard` rollback, but it does not clearly warn users that these actions can overwrite or discard local workspace changes. In a watchdog skill that runs unattended, omission of a data-loss warning increases the chance of users enabling destructive behavior without informed consent.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The Discord webhook feature sends operational alerts to a third-party service, but the documentation does not warn that logs, hostnames, status details, or other metadata may leave the local environment. This is a privacy and data-handling issue because users may configure alerting without understanding what information could be exposed externally.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
**Repair ladder:**
1. Detect Gateway down (every 30s)
2. Run `openclaw doctor --fix` (up to 3 attempts)
3. If still down → `git reset --hard` to last stable commit, restart Gateway
4. If all fails → cooldown 300s, resume monitoring
5. Daily automatic git snapshot of workspace
Confidence
95% confidence
Finding
git reset --hard

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.