Security audit

OpenClaw Agent Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This skill does what its agent-orchestration purpose suggests, but it can replace durable agent workspaces and copy broad private workspace contents without adequate safeguards.

Review carefully before installing. Use only for explicit OpenClaw agent-management tasks, choose simple safe agent IDs, avoid running it against existing agents unless you are prepared for workspace replacement, and inspect or back up the source workspace because its contents may be copied into a persistent agent workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill instructs the agent to run local scripts and state-changing OpenClaw commands, which implies file read/write and runtime-modification capabilities, but it does not declare corresponding permissions. This creates a trust and enforcement gap: consumers may treat the skill as low-privilege while it can trigger durable agent creation, binding changes, and script execution against live state.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The script unconditionally removes the target workspace directory with shutil.rmtree(dst) whenever it already exists, and the destination path is derived in part from user-controlled input (the agent ID). This can cause irreversible loss of agent state or files under the OpenClaw workspace tree with no confirmation, backup, or path-safety guardrails, which is especially risky in an orchestration skill explicitly intended to create and repair durable live agents.

VirusTotal

66/66 vendors flagged this skill as clean.
Static analysis

No suspicious patterns detected.