Security audit

OpenClaw HowTo

Security checks across malware telemetry and agentic risk

Overview

This is a coherent OpenClaw help skill, but it needs review because it stores environment-specific configuration and includes unsafe copy-paste command patterns without enough safeguards.

Install only if you are comfortable with an OpenClaw helper that can guide CLI mutations and keep configuration or search/troubleshooting notes in memory. Do not provide tokens, internal endpoints, secret-bearing examples, or sensitive error logs, and manually review any remove, uninstall, write/edit, bulk, or bash -c command before allowing an agent to run it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Missing User Warnings

Medium
Confidence: 95%
Finding
The description promises that user configuration will be remembered, but it does not clearly warn that tool names, call formats, and related operational details will be persistently stored. This creates a consent and transparency problem because users may disclose sensitive environment information without understanding it will be retained across sessions.

Missing User Warnings

Medium
Confidence: 92%
Finding
The cheatsheet documents destructive agent-management commands such as removal without any warning about confirmation behavior, reversibility, or data loss. In an agent skill context, terse copy-pasteable examples can lead users or downstream agents to delete agents or sessions unintentionally, especially when used non-interactively.

Missing User Warnings

Medium
Confidence: 95%
Finding
The workspace write/edit examples show direct file modification and overwrite operations without warning that existing content may be replaced. Because this is operational guidance for a tool that manipulates user workspace files, users or autonomous agents may overwrite important files through copy-pasted commands or naïve automation.
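The two findings above (destructive agent removal used non-interactively, and write/edit examples that silently overwrite files) together with the overview's advice to manually review any remove, uninstall, write/edit, bulk, or bash -c command can be turned into a pre-execution gate that an agent runner consults before executing a proposed command. The following is an added example written for this audit; it is not code from the skill, from OpenClaw, or from SkillSpector. The word lists, the `openclaw agents remove` / `openclaw workspace write` command strings and the flag names are constructed assumptions, since the cheatsheet itself is not reproduced on this page.

```python
import re
import shlex
from dataclasses import dataclass, field

# Hypothetical review gate for commands an agent proposes to run. Category names
# follow the audit's list (remove, uninstall, write/edit, bulk, bash -c); the word
# lists are assumptions, not OpenClaw's actual subcommands, and are deliberately
# conservative (e.g. `ls -a` is flagged as bulk rather than missed).
SHELLS = {"bash", "sh", "zsh", "dash"}
REMOVE_WORDS = {"rm", "rmdir", "remove", "delete", "del", "purge"}
UNINSTALL_WORDS = {"uninstall"}
WRITE_WORDS = {"write", "edit", "overwrite", "truncate", "mv", "tee"}
BULK_LONG = {"--all", "--recursive"}
NONINTERACTIVE_LONG = {"--yes", "--force", "--no-confirm", "--assume-yes", "--quiet"}
BULK_SHORT = set("ra")            # -r / -a, alone or combined as in -rf
NONINTERACTIVE_SHORT = set("fy")  # -f / -y skip the confirmation prompt
REDIRECT_OVERWRITE = re.compile(r"^\d?>(?!>)")  # '>' or '2>' truncates; '>>' appends


@dataclass
class Verdict:
    categories: list = field(default_factory=list)
    noninteractive: bool = False  # confirmation prompts would be bypassed

    @property
    def needs_review(self) -> bool:
        return bool(self.categories)


def review(command: str) -> Verdict:
    """Classify a command string; recurses into the body of `bash -c '...'`."""
    v = Verdict()
    cats = set()
    try:
        tokens = shlex.split(command)
    except ValueError:
        # Unbalanced quotes: we cannot tell what would actually run, so force review.
        return Verdict(categories=["unparseable"])
    if not tokens:
        return v
    for tok in tokens:
        low = tok.lower()
        if low in REMOVE_WORDS:
            cats.add("remove")
        elif low in UNINSTALL_WORDS:
            cats.add("uninstall")
        elif low in WRITE_WORDS:
            cats.add("write/edit")
        if low in BULK_LONG or "*" in tok:
            cats.add("bulk")
        if low in NONINTERACTIVE_LONG:
            v.noninteractive = True
        if REDIRECT_OVERWRITE.match(tok):
            cats.add("write/edit")
        if tok.startswith("-") and not tok.startswith("--") and len(tok) > 1:
            letters = set(tok[1:])  # combined short flags such as -rf
            if letters & BULK_SHORT:
                cats.add("bulk")
            if letters & NONINTERACTIVE_SHORT:
                v.noninteractive = True
    # bash -c '<body>': the dangerous part is inside the quoted body, so review it too.
    if tokens[0].lower() in SHELLS and "-c" in tokens:
        cats.add("shell")
        body_index = tokens.index("-c") + 1
        if body_index < len(tokens):
            inner = review(tokens[body_index])
            cats.update(inner.categories)
            v.noninteractive = v.noninteractive or inner.noninteractive
    v.categories = sorted(cats)
    return v


def gate(command: str, approved: bool = False) -> str:
    """Return 'run' or 'hold'. Anything flagged needs explicit human approval."""
    v = review(command)
    if not v.needs_review or approved:
        return "run"
    return "hold"


if __name__ == "__main__":
    # Constructed command strings; the subcommand syntax is hypothetical.
    for cmd in ("openclaw agents list",
                "openclaw agents remove helper --yes",
                "openclaw workspace write notes.md",
                "echo x > notes.md",
                "bash -c 'rm -rf ~/.openclaw/*'"):
        v = review(cmd)
        print(f"{gate(cmd):4}  {v.categories}  noninteractive={v.noninteractive}  {cmd}")
```

The gate only decides; it does not execute anything. The `noninteractive` flag matters because a `--yes` or `-f` removes the one safeguard the underlying tool would otherwise provide, so a reviewer should treat a flagged command carrying it as already confirmed on the agent's behalf.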

Missing User Warnings

Medium
Confidence: 94%
Finding
The guide instructs appending raw web-search output into local knowledge-base files, which can unintentionally persist sensitive or user-specific information returned by searches or included in retrieved content. Because this is framed as routine maintenance with no sanitization, minimization, or retention guidance, it creates a realistic privacy and data-handling risk rather than a purely theoretical concern.

Missing User Warnings

Medium
Confidence: 98%
Finding
The troubleshooting flow writes error messages and related search results directly to disk, but errors commonly contain secrets, filesystem paths, usernames, hostnames, prompts, or other sensitive operational details. Persisting them unredacted increases exposure and can turn transient errors into durable local leakage accessible to other users, tools, backups, or later prompts.

Missing User Warnings

Medium
Confidence: 86%
Finding
User-supplied search text is sent to an external service via mcporter call MiniMax.web_search without a clear, explicit warning that the query leaves the local environment. In an agent/skill context, users may include internal project names, credentials-adjacent strings, or other sensitive operational details in search terms, causing unintended data disclosure to a third party.
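The three findings above share one fix: text should be scrubbed before it is either persisted (raw web-search output and error messages appended to a local knowledge base) or sent off the machine (search terms passed to mcporter call MiniMax.web_search). The following is an added example for this audit, not code from the skill or from the SkillSpector scanner. The redaction tags, the regular expressions, the `SECRET_TAGS` split between "block" and "warn", and the sample error text are all assumptions constructed for the example; the patterns are a conservative starting point, not a complete secret scanner, and do not replace the manual review the overview asks for.

```python
import re
from pathlib import Path

# Redaction rules, applied in order (general key=value first so that a specific
# rule does not re-redact an already masked value). Tag names are this example's own.
RULES = [
    ("KV_SECRET", re.compile(r"\b(api[_-]?key|token|secret|password|passwd|pwd)\b(\s*[:=]\s*)[^\s)\],]+", re.I),
     r"\1\2[REDACTED:KV_SECRET]"),                       # keep key name, drop value
    ("BEARER", re.compile(r"\bbearer\s+[a-z0-9._~+/=-]{16,}", re.I), "[REDACTED:BEARER]"),
    ("AWS_KEY", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "[REDACTED:AWS_KEY]"),
    ("API_KEY", re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"), "[REDACTED:API_KEY]"),
    ("GH_TOKEN", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"), "[REDACTED:GH_TOKEN]"),
    ("URL_CREDS", re.compile(r"\b([a-z][a-z0-9+.-]*://)[^/\s:@]+:[^/\s@]+@", re.I),
     r"\1[REDACTED:URL_CREDS]@"),                        # user:pass@ inside a URL
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), "[REDACTED:EMAIL]"),
    ("IPV4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "[REDACTED:IPV4]"),
    ("HOME_PATH", re.compile(r"(/home/|/Users/|C:\\Users\\)[^/\\\s]+"), r"\1[REDACTED:HOME_PATH]"),
    ("INTERNAL_HOST", re.compile(r"\b(?:[a-z0-9-]+\.)+(?:internal|corp|local|lan)\b", re.I),
     "[REDACTED:INTERNAL_HOST]"),
]
# Tags that must never leave the machine; the remaining tags describe the
# environment (paths, hosts, addresses) and are allowed out only after a warning.
SECRET_TAGS = {"KV_SECRET", "BEARER", "AWS_KEY", "API_KEY", "GH_TOKEN", "URL_CREDS"}

# Constructed sample of the kind of error text the troubleshooting flow would
# otherwise append verbatim to a knowledge-base file. Not a real log; the
# AWS key is Amazon's documented example value.
SAMPLE_ERROR = (
    "ERROR mcporter: call MiniMax.web_search failed for user alice\n"
    "  request: POST https://svc-user:Hunter2@search.corp.internal/v1/query\n"
    "  config: /home/alice/.openclaw/config.yaml (API_KEY=sk-live-0123456789abcdefghijkl)\n"
    "  env: AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE host=10.20.30.40\n"
    "  hint: retry with Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.payload.signature\n"
)


def scrub(text: str):
    """Return (redacted_text, {tag: count}) listing only the tags that fired."""
    counts = {}
    for tag, pattern, repl in RULES:
        text, n = pattern.subn(repl, text)
        if n:
            counts[tag] = n
    return text, counts


def append_to_kb(kb_path, entry: str) -> dict:
    """Persist search output or an error message only after scrubbing it."""
    clean, counts = scrub(entry)
    with Path(kb_path).open("a", encoding="utf-8") as fh:
        fh.write(clean.rstrip("\n") + "\n")
    return counts


def check_outbound_query(query: str):
    """Decide whether a search query may be sent to an external service.

    Returns (allowed, tags): secrets block the call outright; environment
    identifiers are allowed but returned so the user can confirm first."""
    _, counts = scrub(query)
    blocked = sorted(t for t in counts if t in SECRET_TAGS)
    flagged = sorted(t for t in counts if t not in SECRET_TAGS)
    return (not blocked, blocked or flagged)


if __name__ == "__main__":
    import tempfile
    clean, counts = scrub(SAMPLE_ERROR)
    print(clean)
    print("redactions:", counts)
    kb = Path(tempfile.mkdtemp()) / "troubleshooting.md"
    print("wrote", kb, append_to_kb(kb, SAMPLE_ERROR))
    print(check_outbound_query("fix 401 with token=abc123def456"))
    print(check_outbound_query("timeout reaching db01.corp.internal"))
```

The scrubbed line still says which tool call failed, so the note remains useful for later troubleshooting; what it no longer carries is the password embedded in the URL, the API and AWS keys, the bearer token, the home directory, the internal hostname, or the address. Anything the regexes miss (the username "alice" in the first line, for instance) is exactly the residue a human should look for before the file is committed to long-term memory.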

Ssd 3

Medium
Confidence: 96%
Finding
The skill is designed to retain user-provided configuration in memory for future reuse, which can capture operational details such as tool identifiers, invocation syntax, and environment-specific setup. Persistent storage of this information increases exposure if the memory files are later read by other skills, users, or processes, and the risk is elevated because the retention is framed as automatic convenience.

Ssd 3

Medium
Confidence: 97%
Finding
This workflow explicitly asks users to provide configuration details and then stores them, which encourages collection of potentially sensitive operational metadata. Even if the examples are not secrets by themselves, users may include internal tool names, endpoints, or command patterns that reveal environment structure and become valuable reconnaissance data.

Ssd 3

Medium
Confidence: 97%
Finding
The post-configuration flow directs parsing, testing, and saving user-supplied configuration into persistent memory after verification, which operationalizes long-term retention of environment-specific data. Because the content is user-provided and later reused, it also raises secondary risks such as unsafe command reuse, accidental propagation, and disclosure through subsequent reads of the memory file.

VirusTotal

66/66 vendors flagged this skill as clean.