Security audit

Setup Validator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent OpenClaw setup checker, but users should run it deliberately because it may contact npm and its documentation includes optional cron and remediation commands.

Install only if you want a local OpenClaw setup audit. Run it as your normal user, avoid automatic cron scheduling unless you intentionally want recurring checks, expect the dependency check to contact npm, and review suggested fixes before running commands that remove plugins, update packages, or reset configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 82%
Finding
The validator is described as checking local setup safety, but this code performs a live npm registry query. That can leak metadata about the host's installed software usage to an external service and may violate expectations in restricted or offline environments, making the check broader and potentially less safe than advertised.

Intent-Code Divergence

Low
Confidence: 78%
Finding
The script reports missing explicit sandbox settings as merely informational because it assumes built-in sandboxing by default, but it never verifies that assumption. In a security validation tool, this can create false reassurance and cause unsafe deployments to be misclassified as secure.

Vague Triggers

Medium
Confidence: 88%
Finding
The invocation guidance is broad: phrases like 'during initial setup, periodic heartbeats, or whenever security validation is required' do not define concrete triggers, scope, or prerequisites. In an agent ecosystem, that ambiguity can cause the skill to run in more situations than intended, leading to unnecessary shell/file activity, noisy automation, or execution in sensitive contexts.

Vague Triggers

Low
Confidence: 84%
Finding
The periodic validation guidance encourages ongoing execution via cron/heartbeats without defining rate limits, environment assumptions, or safety boundaries. While the described action is defensive, unconstrained recurring execution can still expand attack surface, create operational risk, and normalize automated shell access on a schedule.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.