Openclaw Proper Usage
Security checks across malware telemetry and agentic risk
Overview
This is a small guidance-only skill that tells an agent how to choose tools and verify work, without adding executable code or hidden access.
Before installing, confirm you are comfortable with the skill directing your agent to use named external model backends and spawn scoped subagent sessions. The main practical risks are quota, cost, and delegation behavior in your own OpenClaw environment, not hidden code or credential access in this artifact.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.