OCMAP Pairing Auth
Security checks across malware telemetry and agentic risk
Overview
This instruction-only skill describes a disclosed pairing-auth design with appropriate short-lived tokens, device proof, revocation, and storage safeguards.
Install only if you are implementing this OpenClaw/OCMAP pairing feature. Treat bootstrap auth as temporary secret material, keep TTLs very short, avoid logging or overexposing tokens, store long-lived trusted-device tokens only in backend or keychain-style storage, and ensure revocation reliably disables future reconnects.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.