Back to skill

Security audit

Multi-Agent Tenant Upgrade

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned, but it needs Review because it persistently patches core OpenClaw code and exposes sensitive auth-profile metadata to the client.

Review the full patch set before installing, apply it on a git branch or backup, and keep the Control UI restricted to trusted users. Pay particular attention to the auth badge changes: they can reveal auth profile identifiers in the browser/client state; a safer implementation would send only a display-safe mode such as oauth, api, fallback, or unknown.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill asserts that patches modify only agent-related files, but elsewhere documents changes to auth handling, chat pipeline state, session history, and model-catalog behavior. This is a transparency and scope-misrepresentation issue: installers relying on the narrow scope statement could approve broader-impact code changes affecting credentials, telemetry, and core gateway behavior.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The patch propagates `authProfileId` from backend run context into the final chat event and then stores it on chat messages, making internal authentication profile identifiers visible to the client. Even if these are not secrets themselves, they can reveal credential source, provider choice, manual/OAuth usage, and internal naming conventions, which is unnecessary metadata exposure and can aid reconnaissance or leak sensitive operational details through the UI, browser state, logs, or extensions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.