Openclaw Default Agent Backstory

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed agent-backstory setup helper that writes expected OpenClaw identity and memory files, with no evidence of hidden exfiltration or destructive behavior.

Before installing, review the files it plans to create or refresh, especially AGENTS.md, SOUL.md, IDENTITY.md, and memory/. If you already have customized context files, back up the existing versions or ask the agent for a diff before allowing updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill is explicitly designed to create and modify multiple workspace-root files, but it does not require any user-facing notice, confirmation, or scoped preview before doing so. In an agent setting, broad file writes can overwrite user-authored context, introduce persistent unwanted configuration, or cause integrity loss across the workspace even if the functional intent is legitimate.

Missing User Warnings

Medium
Confidence: 97%
Finding
The bootstrap flow instructs the agent to 'write or refresh all core files listed above' as part of normal execution, again without an explicit warning or approval checkpoint for broad workspace modifications. Because this affects many persistent files at once, a mistaken invocation or ambiguous user request could lead to large-scale configuration drift, clobbering of existing material, and hard-to-review state changes.

VirusTotal

65/65 vendors flagged this skill as clean.
