Back to skill

Security audit

Config Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed OpenClaw configuration monitoring runbook with one risky but clearly scoped backup-cleanup command users should review before running.

Install only if you are comfortable with an operational monitoring runbook for OpenClaw configuration. Review commands before running them, especially the backup cleanup pipeline; preview the files first and keep extra recovery copies if the backups matter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The skill is presented as a monitoring/reporting tool, but its alert-handling section includes a destructive cleanup command that deletes backups. This mismatch is dangerous because users may trust the skill as read-only operational guidance and run irreversible deletion commands without realizing they are stepping into maintenance actions with data-loss risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation includes a command pipeline that deletes old backups without any warning, confirmation step, or safety guard. Even if intended as routine housekeeping, this can cause accidental loss of recovery points and weakens resilience precisely in a configuration-safety workflow.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.