file-browser
Security checks across malware telemetry and agentic risk
Overview
The skill is a simple read-only workspace file browser, but its workspace containment is weak enough that users should review it before installing.
Install only if you are comfortable letting the skill read text files from the configured OpenClaw workspace. It should be hardened before use in sensitive workspaces: resolve and verify real paths stay under the workspace, handle symlinks safely, and emit JSON with a proper encoder.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
62/62 vendors flagged this skill as clean.