Omni-Agent Builder (OpenClaw)
Security checks across malware telemetry and agentic risk
Overview
This skill appears to be a straightforward OpenClaw workspace generator with disclosed memory and scaffolding behavior.
Installers should run the scaffold only in a fresh or backed-up directory, review generated workspace files before use, and decide clear privacy rules for MEMORY.md and daily logs. Do not store credentials or private keys in the generated workspace, and avoid loading private memory in group or shared-channel contexts.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.