金刚罩

Security checks across malware telemetry and agentic risk

Overview

This looks like a real OpenClaw maintenance skill, but it should be reviewed because it can delete local data and create extra plaintext copies of secrets.

Install only if you want an automated OpenClaw maintenance tool with restart, backup, audit, and cleanup authority. Before enabling cron, review the retention constants, secure ~/.openclaw/backups and ~/.openclaw/data/system-guardian, avoid inline secrets in openclaw.json where possible, and run the health patrol manually first so you know exactly what it will delete.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium, 95% confidence
Finding
The script is presented as a health-check tool, but it also performs state-changing actions: deleting old sessions, backups, logs, and temp files, and writing audit/baseline data. This mismatch is dangerous because operators may run it expecting read-only diagnostics while it irreversibly mutates local data and can remove files without explicit consent.

Context-Inappropriate Capability

Medium, 96% confidence
Finding
The script deletes /tmp files matching broad patterns including yt_* and morning-ledger*, which are not clearly scoped to this skill or even to OpenClaw. Because /tmp is shared and filenames are attacker- or application-controlled, this can remove unrelated application data or interfere with other workflows.

Missing User Warnings

Medium, 91% confidence
Finding
The README documents automatic deletion of sessions, backups, and logs, but does not clearly warn users that real data will be removed or emphasize the risk of losing forensic, recovery, or conversational history. In a system-management skill that agents may invoke automatically, silent cleanup behavior is materially risky because users may not realize retention policies are destructive until after data is gone.

Missing User Warnings

Medium, 92% confidence
Finding
The skill explicitly documents automatic cleanup behavior, including deletion of session data older than 14 days, backup pruning, and log retention, but does not clearly warn the operator about irreversible data loss or require confirmation. In a system-guardian skill, users may trust automation and enable scheduled execution, making unintended deletion of operational or forensic data more likely.

Missing User Warnings

Medium, 98% confidence
Finding
The script performs automatic deletions of sessions, backups, logs, and temp files without prior warning, confirmation, or a dedicated maintenance flag. This is risky because a routine health-check invocation can silently destroy data, making accidental loss or operational disruption more likely.

Missing User Warnings

Medium, 88% confidence
Finding
The script explicitly reads and copies the .env file into a backups directory, which can duplicate secrets such as API keys or tokens into additional locations without any permission hardening, encryption, or user warning. That increases secret exposure risk if the backup directory is readable by other users, synced, or later mishandled.

VirusTotal

63/63 vendors flagged this skill as clean.
