OpenClaw CLI

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only OpenClaw CLI helper whose powerful command coverage is disclosed and aligned with troubleshooting OpenClaw.

Safe to install as a reviewed instruction-only skill, but treat OpenClaw commands it helps run as real authority: confirm recipients before message delivery, use isolated profiles when testing, protect tokens and session output, and review any reset, uninstall, force, cron, service, or device-pairing command before approving it. Prefer the reviewed ClawHub artifact or pin the GitHub repository to a known commit if installing from source.

SkillSpector

By NVIDIA

Vulnerability Patterns

Rogue AgentSelf-Modification, Session Persistence
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Session Persistence

Medium

Category: Rogue Agent
Content: Clone this repo into your Codex skills directory: ```bash mkdir -p ~/.codex/skills git clone https://github.com/ramensushi2026/openclaw-cli-skill.git ~/.codex/skills/openclaw-cli ```
Confidence: 60% confidence
Finding: mkdir -p ~/.codex/skills git clone https://github.com/ramensushi2026/openclaw-cli-skill.git ~/.codex/skills/openclaw-cli ``` If you already cloned it elsewhere, copy the folder so the final path is:

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal