
Security audit

Agent Runtime Security

Security checks across malware telemetry and agentic risk

Overview

This is a defensive OpenClaw security-hardening skill, but users should review the shell snippets before running them because some examples can change system or repository state.

Install only after reading the scripts and examples. Run commands one at a time, skip cron unless you want recurring local checks, use sudo/GPG only if you understand the package install, and do not use the Git force-push history rewrite without backups, credential rotation, and coordination with collaborators.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
The GPG setup section instructs `sudo apt update` and `sudo apt install -y gnupg`, which extends beyond workspace hardening into privileged system modification. Even if well-intended, encouraging privileged package management increases attack surface and violates least-privilege expectations for a security hardening skill focused on a user workspace.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The README recommends `git filter-branch` and `git push --force --all` to remove leaked secrets, but it does so without any warning that rewriting history disrupts collaborators, invalidates clones, and can cause data loss if done incorrectly. In a security-hardening skill, users may follow these commands under stress during incident response, increasing the chance of accidental repository damage.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The test helper executes an arbitrary shell string via eval, which is dangerous because any untrusted or incorrectly composed test case can trigger command injection and execute unintended shell syntax. In a security test script, this is especially problematic because contributors may add new tests assuming they are data-only, while eval treats them as executable shell code.

VirusTotal

61/61 vendors flagged this skill as clean.


Static analysis

Detected: suspicious.prompt_injection_instructions

Prompt-injection style instruction pattern detected.

Severity: Warn
Code: suspicious.prompt_injection_instructions
Location: examples/SOUL-config-example.md:5