Back to plugin

Security audit

Diffs

Security checks across malware telemetry and agentic risk

Overview

This official OpenClaw plugin is a purpose-aligned diff viewer that creates temporary, tokenized diff artifacts without evidence of data theft or destructive behavior.

Install if you want agents to generate shareable diff viewers or PNG/PDF diff files. Be aware that diff contents are temporarily written to the local temp directory and may be reachable by anyone who has the tokenized viewer URL during its TTL; keep remote viewer access disabled unless you intentionally need shareable links.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.obfuscated_code

Potential obfuscated payload detected.

Warn
Code
suspicious.obfuscated_code
Location
dist/assets/viewer-runtime.js:1
Evidence
var Zs=Object.defineProperty;var vl=Object.getPrototypeOf;var xl=Reflect.get;var Vs=e=>{throw TypeError(e)};var Ml=(e,t,n)=>t in e?Zs(e,t,{enumerable:!0,configu...