Openclaw Creator Setup

Security checks across malware telemetry and agentic risk

Overview

This text-only skill is a disclosed creator-environment setup helper, with minor risk that broad trigger phrases may invoke it unexpectedly.

Install this only if you want OpenClaw to help check and configure a content-creator workflow environment. Be aware that broad phrases like “查看状态” may trigger this skill unexpectedly, so confirm it is checking the creator environment before allowing account or installed-skill status checks.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill advertises activation on broad, common phrases like '内容创作', '自媒体', and '工作流', which are likely to appear in many unrelated conversations. This can cause unintended skill invocation and tool use in contexts where the user did not ask to configure this specific creator setup flow, increasing the chance of privilege misuse or confusing cross-skill behavior.

Vague Triggers

Low

Confidence: 93% confidence
Finding: The example trigger '查看状态' is extremely generic and could match many unrelated user requests about status, health, or progress. In an agent environment, such ambiguity can lead to accidental invocation of this skill and unnecessary calls to Feishu or agent-listing tools.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal