ClawHub
Back to skill

Security audit

OpenClaw Problem Solver自动修复小龙虾

Security checks across malware telemetry and agentic risk

Overview

This is a coherent OpenClaw troubleshooting skill, but it persists diagnostic data and reads user/profile memory in ways users should review before installing.

Install only if you are comfortable with the skill reading local profile/session context and saving troubleshooting history or diagnostic reports. Before using repair flows, require explicit approval for any exec/write/fix command, redact secrets from logs, and avoid generating persistent reports from raw command output unless the contents are safe to store.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Low
Confidence
88% confidence
Finding
The module explicitly instructs the agent to use a broad web/community fallback and labels the results as less authoritative, but it does not require a clear user-facing warning or explicit consent before relying on those sources. In an agent workflow, this can cause untrusted external content to influence troubleshooting guidance, increasing the risk of inaccurate or unsafe recommendations being presented with insufficient caveats.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs automatic persistent writes to memory and a session-state file without any explicit user warning, consent checkpoint, or documented data-handling boundary. This is dangerous because problem descriptions, solutions, and lessons may contain sensitive user, system, or operational data that gets retained beyond the current interaction, creating privacy, compliance, and unintended data-retention risks.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The rollback section includes direct deletion commands against absolute local paths and Git checkout rollback commands, but it does not instruct the user to verify the target paths, back up changes, or confirm that the files are safe to remove. In a skill/deployment context, operators may copy-paste these commands during recovery, creating a real risk of unintended data loss or rollback of the wrong content.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The tutorial encourages generating HTML diagnostic reports from raw `exec` output and writing them to local canvas files, but provides no warning or sanitization guidance for sensitive content. Since command output may contain secrets, tokens, internal paths, stack traces, or user data, this pattern can lead to unintended persistence and display of sensitive information in browsable artifacts.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The guide instructs automatic persistence of diagnostic reports derived from exec failures and error analysis, but does not mention redaction, retention, access controls, or the possibility that logs may contain secrets, tokens, filesystem paths, or proprietary code fragments. In this skill context, storing rich diagnostic artifacts across sessions increases the chance of sensitive data exposure through local report files or shared canvas documents.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide instructs automatic persistence of diagnostic reports to disk, and those reports are derived from exec output and error logs that may contain secrets, tokens, filesystem paths, customer data, or internal system details. Storing this data without an explicit warning, consent flow, retention limits, or redaction guidance increases the risk of sensitive information disclosure through local access, backups, logs, or cross-session reuse.

Ssd 3

Medium
Confidence
91% confidence
Finding
The planned features explicitly propose reading user-specific files like USER.md and IDENTITY.md and reusing historical preferences or prior problem data. That creates a real privacy and data-retention risk because personal or sensitive contextual data may be ingested, persisted, or surfaced in later outputs without clear consent, minimization, retention limits, or access controls.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.