LINE
Security checks across malware telemetry and agentic risk
Overview
This official OpenClaw package behaves like a plugin compatibility inspector, with sensitive runtime execution kept behind explicit user opt-in.
Install is reasonable for OpenClaw plugin development or CI. Treat `--runtime`, `capture`, synthetic probes, and `--allow-execute` as execution of the plugin being inspected; use them only in an isolated workspace or CI job without unnecessary secrets. Expect report files under `reports/` and optional init-generated config/workflow/package-script changes when you run `plugin-inspector init`.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
61/61 vendors flagged this plugin as clean.