ClawHub

OpenClaw Recovery (Codex)

Security checks across malware telemetry and agentic risk

Overview

This recovery skill is mostly diagnostic, but it labels configuration-changing repair commands as safe/read-only, so users should review before allowing an agent to run them.

Install only if you want an agent to inspect and help recover a local OpenClaw setup. Treat `openclaw doctor --fix` and the BOM-removal snippet as write operations: review the exact path, back up the config first, and require explicit approval before running them. Avoid pasting full diagnostic output into public channels because it may include local paths, ports, and network status.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The skill explicitly classifies `openclaw doctor --fix` as "read-only, no side effects" while also describing it as a command that validates and fixes configuration. That mismatch can cause an agent to perform unintended state-changing actions during a supposedly safe diagnostic phase, modifying configuration without clear user approval.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The BOM-removal snippet reads and rewrites the config file in place, which is a direct file modification inconsistent with a diagnostics/reporting skill. Even if intended as repair guidance, embedding a ready-to-run mutation command increases the chance an agent executes it automatically and alters user configuration or damages it if the detected path is wrong.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The BOM fix command performs an in-place rewrite of the configuration file but is presented as a normal remediation step without a strong warning that it edits persistent state. In an agent skill, this ambiguity is dangerous because users and automation may interpret the step as low-risk troubleshooting rather than a write operation with rollback implications.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal