Edith

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it says, but its troubleshooting cleanup can broadly remove Edith-related OpenClaw configuration without backup or confirmation.

Install only if you intend to connect Edith glasses and trust the separate plugin it installs. Before allowing troubleshooting cleanup, back up ~/.openclaw/openclaw.json and verify exactly which Edith-related entries will be removed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The troubleshooting path instructs direct modification of `~/.openclaw/openclaw.json`, inserting or replacing channel configuration with a user-supplied link code, without any backup, validation, or warning that local settings may be overwritten. This is dangerous because it can silently corrupt existing configuration, remove manual customizations, or persist malformed data if the token contains unexpected characters or the file structure differs from assumptions.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The cleanup instructions delete all config entries whose keys contain `edith` from both channel and plugin sections, again without user confirmation, backup, or scoping to the exact installed component. This broad deletion can remove legitimate existing integrations or state, causing denial of service for the glasses channel and potentially other Edith-related components the user relies on.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal