Back to skill

Security audit

OpenClaw Urgent Care

Security checks across malware telemetry and agentic risk

Overview

This is a coherent OpenClaw troubleshooting guide; it involves sensitive local config edits but does not include hidden code or data transfer.

Before using it, back up ~/.openclaw files, avoid pasting API keys or logs into chats, and review any change that enables full tool access. Treat the separate Claw Mart recovery product as external software and verify it independently before running its installer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill instructs users to directly edit auth-related files and rotate API keys, but it does not warn about backing up configuration, limiting exposure of secrets, or using secure handling practices. In a troubleshooting context, this can lead to accidental credential disclosure, corruption of auth state, or destructive edits that worsen recovery and expose sensitive provider access.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The advertised automated recovery tool claims to generate a full markdown recovery report after collecting diagnostic evidence, but it does not warn that such reports may include account IDs, file paths, logs, binding details, or other sensitive operational data. Users may share or store the report insecurely, creating an avoidable disclosure risk during incident response.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.