OpenClaw Ecosystem Monitor
Security checks across malware telemetry and agentic risk
Overview
This skill is a read-only public ecosystem monitor that collects public metadata and writes local reports without using secrets or making remote changes.
Before installing, understand that the skill makes unauthenticated requests to public GitHub, npm, OpenClaw docs, and ClawHub endpoints, then stores local snapshots and reports. Review the optional scheduling wrapper if you plan to run it repeatedly, and keep the no-secret and metadata-only boundaries in place.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.