OpenClaw DX

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate OpenClaw troubleshooting skill, but it gives an agent broad local repair authority that can expose tokens and reset configuration or session state without enough safeguards.

Install only if you want an agent to troubleshoot OpenClaw on your machine and you are comfortable supervising service restarts, config edits, and session resets. Before use, instruct the agent to mask token values, avoid printing raw secrets, show exact files and PIDs before deleting or killing anything, and make backups of config and session files before pruning or rewriting them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (5)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill explicitly instructs operators to overwrite user configuration and session state files in place, but does not require backup, confirmation, or warning about destructive side effects. In an agent-executed context, direct writes to config/session files can cause data loss, broken authentication, or service outage if the wrong file or session is modified.

Missing User Warnings

Low

Confidence: 79% confidence
Finding: The metadata states the skill writes incident reports into ~/clawd/inbox, but does not warn that it will create files in the user's home directory. Unauthorized or unexpected file creation is lower severity here, but still a risky side effect for an automated skill.

Ssd 3

Medium

Confidence: 95% confidence
Finding: The triage steps instruct routine inspection of auth-profiles.json and environment variables that may contain live access tokens and gateway secrets. Even if intended for diagnostics, normalizing secret discovery and display increases the chance of credential exposure through logs, terminal history, screenshots, or downstream agent handling.

Ssd 3

Medium

Confidence: 91% confidence
Finding: The guidance tells the operator to copy the same gateway token value into configuration, encouraging manual propagation of sensitive shared secrets across profiles. This expands secret sprawl and increases exposure risk if config files are synced, backed up, or read by other tools.

Ssd 3

Medium

Confidence: 93% confidence
Finding: The Auth section documents exact local token storage paths and field names in detail, which materially lowers the effort required to locate and harvest credentials from a compromised or over-privileged environment. While useful operationally, this is sensitive credential mapping information and should be treated carefully.

VirusTotal

44/44 vendors flagged this skill as clean.

View on VirusTotal