Security audit

fourok-openclaw

Security checks across malware telemetry and agentic risk

Overview

The skill mainly does disclosed fourok retrieval, but its Python module also includes under-disclosed OpenClaw chat-message ingestion that can retain full conversation content and identifiers.

Review before installing. The normal fourok retrieval commands are coherent, and VirusTotal/static scan signals are clean, but administrators should only enable this skill if they understand whether the OpenClaw message-capture helpers are reachable in their deployment, where those records are stored, who can search them, and what retention/redaction controls apply.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium (84% confidence)
Finding
The package presents itself as a fourok CLI retrieval skill, but it also exposes functionality to ingest OpenClaw chat messages into governed source records. That expands the data handling scope from retrieval to retention of conversation content and identifiers, which can surprise deployers and cause sensitive chat data to be collected without clear expectation or consent boundaries.

Missing User Warnings

Medium (93% confidence)
Finding
The source-record conversion stores full raw message content, sender identifiers, session identifiers, and other metadata in both normalized fields and the raw payload. In a skill handling agent conversations, this can capture sensitive prompts, secrets, personal data, or internal operational context, increasing privacy and data-exposure risk if retention, access control, or downstream indexing are broader than intended.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.