Back to skill

Security audit

OpenClaw Watch

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate security-scanning purpose, but it tells agents to automatically run an unpinned npm package in broad situations.

Review before installing. Use only if you are comfortable with agents running an npm package resolved as `@latest`; prefer pinning a reviewed version, disabling automatic periodic scans, and requiring explicit approval before sanitizing secret-containing text or scanning broad local paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill instructs the agent to automatically run `npx openclaw-watch@latest` after any install, creating an unconditional tool-execution trigger tied to a package fetched at runtime. Even though the stated purpose is defensive, this pattern is dangerous because it expands the agent's autonomous behavior and introduces supply-chain and execution risk from a remotely resolved package version.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The "periodically scan your workspace" instruction is underspecified and encourages recurring autonomous execution over `./skills/` without a clear schedule, boundary, or consent model. In practice, this can cause overbroad file access, repeated command execution, and unintended interaction with sensitive or untrusted content, especially because it again relies on `npx ...@latest`.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.