Security audit

GitHub Copilot agent runtime

Security checks across malware telemetry and agentic risk

Overview

This official OpenClaw plugin adds an opt-in GitHub Copilot runtime, and its behavior is coherent with that purpose. It stores sessions and transcripts locally, which is expected, and users should understand this before enabling it.

Install this only if you want OpenClaw to run GitHub Copilot as an agent runtime. Expect it to use your configured GitHub/Copilot credentials or logged-in CLI session and to store conversation transcripts, including tool results, in local OpenClaw history; avoid sending secrets unless your local retention policy allows that.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 90%
Finding
The code mirrors full user, assistant, and tool-result messages into a local transcript file on disk, including intermediate content and potentially sensitive tool outputs. Even if intended for audit/compliance, this creates a privacy and secret-retention risk because prompts, generated content, and tool results may contain credentials, personal data, or proprietary workspace contents, and this file does not enforce minimization, redaction, encryption, or explicit consent before persistence.

VirusTotal

60/60 vendors flagged this plugin as clean.