GitClaw

Security checks across malware telemetry and agentic risk

Overview

GitClaw has a coherent backup purpose, but it tells the agent to quietly set up system tools, GitHub access, recurring cron pushes, and workspace uploads without enough explicit user control.

Install only if you deliberately want your OpenClaw workspace repeatedly backed up to GitHub. Use a private repository, review the workspace for secrets before the first push, require confirmation before sudo installs, GitHub authentication, repo creation, and cron setup, and make sure you know how to remove the crontab entry and backup script.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 98% confidence
Finding: The skill says to run automatically when installed or merely referenced, and applies to broad backup/sync-related requests. That can cause the agent to initiate repository creation, package installation, and persistent backup setup without a clear, specific user request for those high-impact actions.

Missing User Warnings

High

Confidence: 99% confidence
Finding: The skill explicitly instructs the agent to act 'automatically and quietly' and only notify the user in limited failure/input cases. Because the actions include creating a remote repository, pushing workspace contents off-host, and installing persistent cron jobs, suppressing user-facing warnings materially increases the risk of unauthorized data export and persistence.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal