Security audit

Claude Code Openclaw Skill

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill that openly integrates OpenClaw with Claude Code for coding work, including file edits and command execution.

Install this only if you want OpenClaw to call Claude Code on your projects. Verify the Claude installer source, use least-privilege credentials, avoid pasting secrets, prefer a branch or sandbox for edits, review commands and diffs before accepting changes, and only connect MCP servers, hooks, or sub-agents you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly advertises capabilities to read codebases, edit files, run commands, create commits/PRs, and use external integrations, but it does not present clear user-facing warnings about the possibility of modifying local files, executing shell commands, or transmitting data to external services. In an agent-skill context, that omission can cause users to invoke high-impact actions without understanding the operational and privacy consequences.

Missing User Warnings

Medium
Confidence: 87%
Finding
The setup instructions tell users to authenticate and mention API-key-based authentication, but they do not warn that credentials may grant access to paid external services or that prompts and repository contents may be transmitted off-host. This increases the risk of accidental secret exposure, misuse of privileged accounts, or unintentional sharing of sensitive code/data.

Missing User Warnings

Medium
Confidence: 89%
Finding
The exec and MCP integration examples encourage direct shell execution and third-party tool connectivity, but they omit warnings about command-injection risk, host-side side effects, and data exposure to external servers. In a skill intended to orchestrate tooling, this omission materially increases the chance that users run unsafe commands or connect untrusted integrations.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.