Claw Insights Snapshot

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only helper for generating OpenClaw status cards, but the cards can reveal operational metrics if shared publicly.

Before installing, make sure you trust the separate claw-insights service this skill tells you to use. Preview snapshots before posting them externally, prefer compact output for chat, avoid public channels for detailed reports, keep bearer tokens private, and only use no-auth mode on a trusted local machine.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly encourages sharing generated status cards to external chat channels but does not warn that those cards may contain sensitive operational data such as token usage, session activity, error counts, and gateway health. This creates a real risk of inadvertent data disclosure because users may treat the output as harmless imagery rather than telemetry-bearing content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal