Security audit

Agent Lifecycle Manager

Security checks across malware telemetry and agentic risk

Overview

This skill performs powerful but clearly described OpenClaw agent management tasks, with the main risk being local archives that may contain sensitive agent data.

Install this only if you want the agent to administer local OpenClaw agents. Before running helpers, verify the agent ID, Telegram token, pairing code, archive path, any --inherit-auth use, and any --yes deletion bypass. Keep generated archives and state files private because they may include credentials, configuration, chat history, or workspace data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 81% confidence
Finding: The script archives agent state, workspace contents, and multiple OpenClaw status outputs to disk without any confirmation, minimization, or disclosure to the operator. In this lifecycle-management context, those locations can contain credentials, configuration secrets, chat logs, or other sensitive operational data, so creating persistent copies increases exposure if the archive path is later accessed by other users, backups, or unrelated tooling.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.