Multi Agent V101
Security checks across malware telemetry and agentic risk
Overview
This is a markdown-only architecture guide for running multiple OpenClaw agents, with disclosed operational examples and no hidden executable behavior found.
Before following the guide, decide which agents truly need credentials, Telegram access, shared memory, and automatic restarts. Keep bot and provider tokens out of chat and git, restrict Telegram bots with allowedChatIds, avoid putting secrets in shared memory or backups, and review any cron or restart script before enabling it.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.