Back to skill

Security audit

GitClaw

Security checks across malware telemetry and agentic risk

Overview

GitClaw has a clear backup purpose, but it quietly sets up broad GitHub workspace syncing with system installs and persistent cron automation without enough user review controls.

Install only if you intentionally want your OpenClaw workspace repeatedly backed up to GitHub. Use a private repository, review the exact files first, exclude secrets and logs before any push, require approval for sudo installs and cron setup, and verify how to remove the crontab entry and ~/.openclaw/gitclaw script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (59)

Vague Triggers

High
Confidence
98% confidence
Finding
The skill says to use itself automatically when installed or merely 'reference[d],' and the trigger phrases are broad enough to activate on loosely related requests. In context, that broad activation is dangerous because the skill performs package installation, GitHub authentication, repository creation, and recurring data exfiltration to a remote service without requiring an explicit, informed opt-in for each high-risk action.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill explicitly instructs the agent to act 'automatically and quietly' while making system changes and configuring remote backup behavior. Silent execution reduces user awareness and consent around privileged installs, cron persistence, and uploading workspace contents, materially increasing the likelihood of unnoticed harmful actions.

Ssd 3

High
Confidence
99% confidence
Finding
The skill's stated purpose is to back up the OpenClaw workspace to GitHub, which semantically means copying potentially sensitive agent and user data to a third-party remote repository. Because the workspace may contain prompts, notes, credentials, tokens, or other confidential artifacts, blanket backup creates a direct exfiltration risk.

Ssd 3

High
Confidence
99% confidence
Finding
Telling the agent to operate 'automatically and quietly' while collecting and pushing workspace contents to GitHub makes the exfiltration channel less visible to the user. The lack of transparency increases the chance that sensitive files are uploaded without meaningful consent or review.

Ssd 3

High
Confidence
99% confidence
Finding
The backup script runs `git add -A` and pushes all changes on a schedule, which continuously exports any newly added workspace content to GitHub. In this skill's context, that creates persistent ongoing leakage of whatever sensitive material later appears in the workspace, not just the initial snapshot.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- Else if `yum` exists:
  - `sudo yum install -y git`
- Else if `pacman` exists:
  - `sudo pacman -S --noconfirm git`
- Else if `zypper` exists:
  - `sudo zypper install -y git`
- Else if `apk` exists:
Confidence
90% confidence
Finding
--noconfirm

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- `sudo yum install -y cronie`
  - `sudo systemctl enable --now crond || true`
- Else if `pacman` exists:
  - `sudo pacman -S --noconfirm cronie`
  - `sudo systemctl enable --now cronie || true`
- Else if `apk` exists:
  - `sudo apk add dcron`
Confidence
90% confidence
Finding
--noconfirm

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- `sudo zypper install -y gh`

- Else if `pacman` exists:
  - `sudo pacman -S --noconfirm github-cli`

- Else if `apk` exists:
  - `sudo apk add github-cli`
Confidence
90% confidence
Finding
--noconfirm

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- If `brew` exists:
  - `brew install git`
- Else if `apt-get` exists:
  - `sudo apt-get update && sudo apt-get install -y git`
- Else if `dnf` exists:
  - `sudo dnf install -y git`
- Else if `yum` exists:
Confidence
96% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- If `brew` exists:
  - `brew install git`
- Else if `apt-get` exists:
  - `sudo apt-get update && sudo apt-get install -y git`
- Else if `dnf` exists:
  - `sudo dnf install -y git`
- Else if `yum` exists:
Confidence
96% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- Else if `apt-get` exists:
  - `sudo apt-get update && sudo apt-get install -y git`
- Else if `dnf` exists:
  - `sudo dnf install -y git`
- Else if `yum` exists:
  - `sudo yum install -y git`
- Else if `pacman` exists:
Confidence
95% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- Else if `dnf` exists:
  - `sudo dnf install -y git`
- Else if `yum` exists:
  - `sudo yum install -y git`
- Else if `pacman` exists:
  - `sudo pacman -S --noconfirm git`
- Else if `zypper` exists:
Confidence
95% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- Else if `yum` exists:
  - `sudo yum install -y git`
- Else if `pacman` exists:
  - `sudo pacman -S --noconfirm git`
- Else if `zypper` exists:
  - `sudo zypper install -y git`
- Else if `apk` exists:
Confidence
95% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- Else if `pacman` exists:
  - `sudo pacman -S --noconfirm git`
- Else if `zypper` exists:
  - `sudo zypper install -y git`
- Else if `apk` exists:
  - `sudo apk add git`
- Else if macOS and `xcode-select` exists:
Confidence
95% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
If missing, attempt install:

- If `apt-get` exists:
  - `sudo apt-get update && sudo apt-get install -y cron`
  - `sudo systemctl enable --now cron || sudo service cron start || true`
- Else if `dnf` exists:
  - `sudo dnf install -y cronie`
Confidence
96% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
If missing, attempt install:

- If `apt-get` exists:
  - `sudo apt-get update && sudo apt-get install -y cron`
  - `sudo systemctl enable --now cron || sudo service cron start || true`
- Else if `dnf` exists:
  - `sudo dnf install -y cronie`
Confidence
96% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- If `apt-get` exists:
  - `sudo apt-get update && sudo apt-get install -y cron`
  - `sudo systemctl enable --now cron || sudo service cron start || true`
- Else if `dnf` exists:
  - `sudo dnf install -y cronie`
  - `sudo systemctl enable --now crond || true`
Confidence
96% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- If `apt-get` exists:
  - `sudo apt-get update && sudo apt-get install -y cron`
  - `sudo systemctl enable --now cron || sudo service cron start || true`
- Else if `dnf` exists:
  - `sudo dnf install -y cronie`
  - `sudo systemctl enable --now crond || true`
Confidence
96% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- `sudo apt-get update && sudo apt-get install -y cron`
  - `sudo systemctl enable --now cron || sudo service cron start || true`
- Else if `dnf` exists:
  - `sudo dnf install -y cronie`
  - `sudo systemctl enable --now crond || true`
- Else if `yum` exists:
  - `sudo yum install -y cronie`
Confidence
95% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- `sudo systemctl enable --now cron || sudo service cron start || true`
- Else if `dnf` exists:
  - `sudo dnf install -y cronie`
  - `sudo systemctl enable --now crond || true`
- Else if `yum` exists:
  - `sudo yum install -y cronie`
  - `sudo systemctl enable --now crond || true`
Confidence
95% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- `sudo dnf install -y cronie`
  - `sudo systemctl enable --now crond || true`
- Else if `yum` exists:
  - `sudo yum install -y cronie`
  - `sudo systemctl enable --now crond || true`
- Else if `pacman` exists:
  - `sudo pacman -S --noconfirm cronie`
Confidence
95% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- `sudo systemctl enable --now crond || true`
- Else if `yum` exists:
  - `sudo yum install -y cronie`
  - `sudo systemctl enable --now crond || true`
- Else if `pacman` exists:
  - `sudo pacman -S --noconfirm cronie`
  - `sudo systemctl enable --now cronie || true`
Confidence
95% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- `sudo yum install -y cronie`
  - `sudo systemctl enable --now crond || true`
- Else if `pacman` exists:
  - `sudo pacman -S --noconfirm cronie`
  - `sudo systemctl enable --now cronie || true`
- Else if `apk` exists:
  - `sudo apk add dcron`
Confidence
95% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- `sudo systemctl enable --now crond || true`
- Else if `pacman` exists:
  - `sudo pacman -S --noconfirm cronie`
  - `sudo systemctl enable --now cronie || true`
- Else if `apk` exists:
  - `sudo apk add dcron`
  - `sudo rc-update add dcron default || true`
Confidence
95% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- `sudo pacman -S --noconfirm cronie`
  - `sudo systemctl enable --now cronie || true`
- Else if `apk` exists:
  - `sudo apk add dcron`
  - `sudo rc-update add dcron default || true`
  - `sudo rc-service dcron start || true`
- Else:
Confidence
95% confidence
Finding
sudo

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.