OpenClaw Refactoring

Security checks across malware telemetry and agentic risk

Overview

This refactoring skill is not malware, but it can rewrite or restore many project files while its safety documentation does not match the implemented behavior.

Install only if you are comfortable reviewing each command before it runs. Use it inside a Git repository, run rename operations with --dry-run first, prefer explicit backup IDs for undo, and avoid pointing it at broad workspace or home directories. Do not rely on the documented extract, inline, move, batch, preview-by-default, ignore-config, or JavaScript support without verifying the implementation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The undo command can restore files immediately, and when no backup ID is provided it defaults to undoing the most recent backup after only listing available backups. In a refactoring tool that modifies source trees, this creates a realistic risk of unintended file restoration or loss of newer work from operator mistakes, scripts, or misuse, especially because the action is state-changing and not gated by confirmation.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal