Firm Vs Bridge Pack
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed VS Code bridge skill that may share editor context with OpenClaw Gateway, so it is coherent but should be used only in workspaces where that sharing is intended.
Install this only if you trust the connected OpenClaw Gateway, the required OpenClaw extension, and the external mcp-openclaw-extensions package. Treat pushed selections, files, and diagnostics as data that may leave your editor, and avoid using it on secrets or proprietary code unless that sharing is intended.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.