Everything Openclaw (EO)
Security checks across malware telemetry and agentic risk
Overview
Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.
This skill looks coherent for a multi-expert development assistant. Before installing, treat it as executable third-party plugin code, not just prompt text; install from the intended source, review high-impact outputs like deployment/security advice, and reset or correct memory/context when working on sensitive projects. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may adopt strong specialist personas and apply their rules when the skill is used.
The skill includes authoritative role instructions for expert personas. In context, this is purpose-aligned, but it can shape the agent's behavior during expert-mode responses.
You are **Anthropologist**... ## 🚨 Critical Rules You Must Follow
Use the skill for expert collaboration, but keep user instructions and OpenClaw safety rules as the higher priority.
The agent could help with code review, security scanning, or deployment-related workflows when invoked.
The skill advertises automation-oriented development commands. They are relevant to the plugin's purpose, but deployment and security workflows can affect important project decisions if used uncritically.
| `/security-scan` | Security audit |\n| `/deploy` | Deployment automation |
Review plans and outputs before making deployment, production, or security-impacting changes.
Installing the plugin means trusting the repository and its packaged code.
The installation path pulls a plugin from a GitHub source. This is disclosed and user-directed, but it creates normal third-party code supply-chain trust considerations.
openclaw plugins install https://github.com/467718584/everything-openclaw
Install only from the intended repository, review the source/lockfile when possible, and keep the plugin updated from trusted versions.
Using the plugin can run local plugin code rather than only adding static prompts.
The artifacts clearly disclose that the plugin is not only documentation; it includes TypeScript execution as part of its architecture.
**MD + TS Hybrid Architecture** ... │ .md │→│ .ts │ ... │ (define)│ │ (execute)│
Treat this as an executable plugin, not a text-only skill; install it only if you trust the publisher and reviewed behavior is acceptable.
Prior context or expert-tracked assumptions may influence later outputs.
The skill advertises memory management, and expert files describe tracking details across a conversation. This is useful for collaboration but can carry stale or user-influenced context forward.
- **Proactive Memory Management**
Periodically reset or correct the agent's context for sensitive or high-stakes tasks, and verify important assumptions.