Skylv Openclaw Config Optimizer

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only OpenClaw configuration helper with disclosed, purpose-aligned advice, but users should review any generated config changes before running them.

Install only if you want help reviewing OpenClaw configuration. Do not paste unredacted API keys or secrets into chat, inspect any config diff before applying it, and run optimize-config.js only if you know where that script came from and have reviewed its contents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 96% confidence
Finding
The manual trigger '/optimize' is overly generic and can easily collide with unrelated user commands or other skills, causing this skill to activate in contexts outside OpenClaw configuration review. Because the skill can recommend or emit operational commands and configuration changes, unintended activation could lead to confusing, unsafe, or context-inappropriate guidance.

Vague Triggers

Medium, 94% confidence
Finding
Automatic activation on broad keywords like configuration, optimization, performance, and security is ambiguous and likely to match many benign conversations unrelated to OpenClaw. This increases the chance of prompt-context hijacking by injecting skill behavior into unrelated tasks, which is especially risky because the skill includes shell commands and config-modification workflows.

VirusTotal

66/66 vendors flagged this skill as clean.
