openclaw-insight

Security checks across malware telemetry and agentic risk

Overview

The skill’s purpose is coherent, but its recommended install path asks users to run a remote shell script while making broad local-only safety claims.

Install only if you are comfortable trusting the GitHub project and its installer. Prefer downloading and reviewing the install script first, verify any release checksums or signatures if available, and treat the no-data-leaves claim as applying to runtime analysis rather than installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium, 95% confidence
Finding
The documentation makes a strong trust claim that the tool is '100% local' and that no data leaves the machine, yet it instructs users to fetch and execute a remote installer from GitHub. Even if the runtime tool processes data locally, the installation path introduces network access and remote code execution risk, which materially contradicts the safety claim and may mislead users into lowering their guard.

Intent-Code Divergence

Medium, 88% confidence
Finding
The guide says the tool is read-only and never modifies data, but it also documents writing output files under the OpenClaw state directory by default. This inconsistency can mislead users about filesystem side effects and may cause accidental contamination of application state, backup sets, or sensitive directories.

VirusTotal

64/64 vendors flagged this skill as clean.
