Openclaw Web Automation

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed public-webpage automation wrapper, with broad web access and reliance on a local OpenClaw Automation Kit installation.

Use this only for public, unauthenticated webpages. Do not provide credentials, private URLs, or account-specific tasks, and install it only if you trust the local OpenClaw Automation Kit code it calls.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 95% confidence
Finding: The skill invokes a local Python script through a shell command and relies on the environment, but it does not declare those capabilities as permissions. That creates a trust and review gap: users or orchestration systems may treat the skill as low-risk documentation while it can actually execute code locally, increasing the chance of unintended command execution or unsafe handling of untrusted user input in downstream scripts.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal