ClawJection
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed ClawJection bundle runner, but it gives downloaded or local bundles broad power to run code and alter an OpenClaw setup.
Install only if you intend to let an agent run ClawJection bundles. Before applying any bundle, use trusted sources, inspect the manifest and entrypoint, prefer pinned commits or verified archives, back up OpenClaw configuration, and explicitly approve any auth setup, command execution, followup action, or overwrite of core files.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.