OpenClaw工作目录医生

Security checks across malware telemetry and agentic risk

Overview

This is a coherent OpenClaw workspace repair guide, but users should review any external scripts before running file-changing repairs.

Install only if you are troubleshooting an OpenClaw workspace. Before running the recommended PowerShell scripts, inspect their contents, prefer dry-run mode first, back up relevant configuration, and verify every path before approving deletion or configuration changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrase "工作目录医生" is broad and generic enough to match ordinary troubleshooting requests about workspace health, which can cause unintended invocation of this skill. Over-broad triggers increase the chance that the agent activates behavior in contexts the user did not explicitly request, creating misrouting and potentially unsafe automated actions on directories.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger phrase "工作目录健康" is too general and may match routine workspace or path troubleshooting unrelated to OpenClaw. In an agent environment, this can lead to accidental skill execution and unintended filesystem inspection or modification under the assumption that a workspace repair operation was requested.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal