Proactive Ops Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local operations monitor that reads workspace memory files and writes limited local alert/config data, with no evidence of exfiltration or destructive behavior.

Install only if you are comfortable with a local monitor reading OpenClaw memory files and writing alert/config files in the workspace. In shared or sensitive workspaces, review memory/wal.jsonl, memory/working-buffer.md, memory/ops-alerts.jsonl, and proactive-ops-config.json because suggestions and alerts may reveal operational context.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly states it will automatically log alerts to `memory/ops-alerts.jsonl`, which modifies user workspace data as part of normal operation. Even if the writes are operationally legitimate, silent automatic persistence can surprise users, create unwanted records, and potentially capture sensitive operational metadata without clear opt-in or prominent disclosure.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal