Back to skill

Security audit

Openclaw

Security checks across malware telemetry and agentic risk

Overview

This is a high-impact payment-wallet skill, but its ability to use CardZero credentials and send USDC is clearly disclosed and aligned with its stated purpose.

Install only if you intentionally want an agent to operate a CardZero USDC wallet. Use a dedicated low-balance wallet, set strict per-transaction and daily limits, keep the API key out of ordinary chat when possible, and approve payments only after checking the amount, recipient, fees, and reason.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill advertises very broad trigger phrases such as 'make a payment', 'buy with crypto', and 'pay for API access', which can cause an agent to invoke a payment-capable skill in ambiguous contexts. Because this skill can move funds externally, loose activation conditions increase the risk of unintended or user-surprising payment actions, especially when combined with natural-language misunderstandings.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill instructs the owner to paste an Agent Configuration block containing a live API key directly into chat, causing sensitive credentials to transit and potentially persist in conversation logs, model context, analytics systems, and downstream tooling. A leaked API key for a payment wallet can enable unauthorized balance queries and payment actions within the wallet's configured limits.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:45