OpenClaw Policy Check

Security checks across malware telemetry and agentic risk

Overview

This skill is a local, read-only repository scanner that reports risky code patterns and does not show networking, persistence, or file modification behavior.

Install this if you want an agent-accessible local repository security preflight scanner. Run it against specific repos or files rather than broad home-directory paths, and treat scan output as sensitive because findings may include snippets from lines that look like secrets.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill enables implicit invocation without any visible narrowing conditions or trigger constraints, which can cause the security-scanning skill to activate in ambiguous contexts. That creates a risk of unintended execution, over-collection of repository context, or policy enforcement actions being applied when the user did not explicitly request them.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal