Cmd Executor

Security checks across malware telemetry and agentic risk

Overview

This skill openly runs local shell commands, but it gives the agent broad host access with no visible safeguards.

Install only if you intentionally want OpenClaw to run arbitrary local shell commands. Use it only with trusted users and prompts, preferably inside a disposable VM or sandbox, and avoid machines with secrets, production credentials, private files, or elevated privileges.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

High

Confidence: 99% confidence
Finding: This skill takes attacker-controlled input from `context.message`, strips a prefix, and passes the remainder directly to `child_process.exec`, which invokes a shell. That creates a direct arbitrary command execution path, allowing any user who can trigger the skill to run OS commands, read or modify files, exfiltrate secrets, or pivot to full host compromise; the lack of any warning or confirmation makes accidental or unauthorized execution even easier.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The skill explicitly offers to run arbitrary Windows commands locally and return the output, but provides no warning, restriction, or safety boundary to the user. This creates a direct path to command execution on the host system, enabling data theft, destructive actions, privilege misuse, or lateral movement if a user or prompt induces dangerous commands.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal