OpenClaw Debugging Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a local debugging helper that reads user-selected logs or source files and does not show hidden networking, persistence, or destructive behavior.

Install only if you are comfortable letting it read the log or source files you point it at. Redact secrets from logs before use, and verify any local c-support dependency on your system before using the C/C++ tracing path.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 87% confidence
Finding: The skill reads a file path supplied directly by the user (`--file`) and opens it with `Path(args.file).read_text(...)` without any validation, sandboxing, or explicit disclosure that arbitrary local files may be accessed. In an agent skill context, this can expose sensitive local data such as configuration files, credentials, or source code if the caller is induced to provide unexpected paths or if the agent uses the tool on behalf of a user without clear consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal