
Security audit

ClawGuard Security Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a coherent security-report assistant that discloses its remediation powers and gates config changes behind user confirmation and backups.

Install this only if you want an assistant that may read OpenClaw security reports and relevant local OpenClaw configuration. Review every proposed diff, confirm the backup path before applying fixes, avoid approving unexpected file paths, and use L1 browser scans when you want local-only analysis because L2 scan results are sent to ClawGuard for server-side analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill is supposed to read and summarize scan reports, but it explicitly instructs the agent to run a local helper script on user-supplied report files for large inputs. That expands capability from passive parsing into code execution/tool invocation on local resources, which can be abused if file paths or execution context are influenced by untrusted input, and it weakens the boundary expected for a report-analysis skill.

Vague Triggers

Medium
Confidence: 86%
Finding
The README instructs users to invoke the skill by talking to the agent 'naturally' and gives broad trigger phrases that overlap with ordinary security-related conversation. In systems that auto-route skills from conversational cues, this can cause unintended activation, exposing sensitive reports or initiating remediation workflows when the user did not explicitly mean to engage this skill.

Vague Triggers

Medium
Confidence: 96%
Finding
The batch-fix trigger phrases include very broad natural-language cues such as "fix all," which can be matched during ordinary discussion rather than as a deliberate authorization to perform multiple file modifications. In a skill that can guide or initiate config changes, ambiguous triggering increases the risk of unintended bulk remediation actions, especially if paired with later confirmation flows that users may answer casually or misunderstand.

Vague Triggers

Medium
Confidence: 94%
Finding
Using a vague rollback trigger like "undo" or "rollback" can collide with ordinary conversational text and cause restoration of prior backups when the user may only be asking about options or discussing prior actions. In this context, rollback changes live configuration state, so ambiguous activation can lead to accidental reversion, service disruption, or reintroduction of insecure settings.

Missing User Warnings

Medium
Confidence: 92%
Finding
The guide states earlier that L2 results are sent to a server for analysis, but the step-by-step Local Scan instructions do not repeat or emphasize that warning at the moment the user is told to copy and run the command. This creates a meaningful transparency and consent gap: users may execute a deeper scan that collects binaries, logs, permissions, and runtime state without clearly understanding that the resulting data leaves the local machine.

VirusTotal

66/66 vendors flagged this skill as clean.
