Back to skill

Security audit

OpenClaw Shield Quick Scan

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local security-scan helper, but users should confirm the scan target and trust the separately installed scanner.

Install only if you trust the separate OpenClaw Shield scanner. Before running it, confirm the exact folder or file being scanned, keep the temporary report private, and avoid broad scans of unrelated sensitive directories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs the agent to read arbitrary user-specified paths and additional local files such as the scanner and report, yet it declares no permissions. This creates a transparency and policy-enforcement gap: an agent or platform may execute file reads without an explicit permission boundary, increasing the chance of unintended access to sensitive local data.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill enables implicit invocation without any visible activation constraints, which can allow the agent to trigger a security scanning capability automatically based on loosely matched user intent. Even though the skill performs defensive scanning, automatic invocation can expose local folders or repository contents to scanning behavior the user did not explicitly request, increasing the risk of unintended data access or surprise execution in sensitive contexts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal