CodeBuddy CLI for OpenClaw
Security checks across malware telemetry and agentic risk
Overview
This is a straightforward CodeBuddy CLI usage guide that discloses the main risks instead of hiding them.
Install only if you trust the Tencent CodeBuddy npm package and its login flow. Use it in development workspaces, avoid permission-bypass flags outside disposable sandboxes, and do not place secrets in CodeBuddy command or memory files.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
