Openclaw Quick Deploy

Security checks across malware telemetry and agentic risk

Overview

This deployment skill is coherent, but it asks users or agents to run broad host-changing install commands without enough safety controls or warnings.

Install only if you are comfortable reviewing deployment commands first. Prefer downloading and inspecting the remote script, pinning images or package versions, deploying in an isolated VPS or container, and configuring firewall/authentication/HTTPS before exposing the gateway.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill provides one-click deployment commands that perform impactful system changes, including fetching and executing code, without clearly warning users about trust, privilege, or system modification risks. In an agent-assisted context, this increases the chance that a user or automation will run privileged installation steps without proper review.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal