Approve Pairing

Security checks across malware telemetry and agentic risk

Overview

This skill openly edits OpenClaw credential files to approve DM access, but it lacks safeguards for a persistent trust-changing action and has an input path-validation flaw.

Review carefully before installing. Prefer the official OpenClaw pairing approval command when available. If you use this skill, only run it for a pairing request you personally recognize, verify the channel, account, sender, and code first, and avoid any channel value outside the documented list.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill instructs direct modification of OpenClaw credential files to approve DM pairings, which changes an allowlist controlling who may message the agent. Without an explicit warning and authorization checks, users may bypass safer CLI controls, audit trails, or validation logic and accidentally or intentionally grant unauthorized parties persistent access.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal