Secure Autofill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed 1Password autofill helper with sensitive setup steps, but its behavior matches its stated purpose and is user-directed.

Install only if you want OpenClaw to help with real browser logins. Use a least-privilege 1Password token if you need one, avoid pasting tokens into chat, protect env files that contain secrets, review any sudo Chrome install commands before running them, and confirm the site and account before autofill submits credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
These onboarding instructions direct creation of local env files, optional propagation into the gateway env, and restarting a systemd user service, which goes beyond simple credential filling. In a security-sensitive skill, hidden setup authority over secrets storage and service lifecycle increases the attack surface and can normalize unsafe persistence of sensitive configuration.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The package installation and system configuration commands materially exceed the core autofill purpose and introduce privileged host changes, external package source trust, and persistent runtime configuration. In context, this makes the skill more dangerous because a user expecting browser autofill may also be led to alter the OS and gateway environment.

VirusTotal

64/64 vendors flagged this skill as clean.
