Back to skill

Security audit

Echo

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it rewrites every detected local OpenClaw UI installation automatically, so users should review it before running.

Install only if you are comfortable with a local patch that modifies OpenClaw's installed UI bundle files. Review the target paths printed by apply.sh, keep the provided backups, and use remove.sh or reinstall/update OpenClaw if the UI behaves unexpectedly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script intentionally searches for and modifies every OpenClaw installation it can locate across npm, pnpm, PATH, nvm, and n-managed Node versions. Even if the functional goal is just a local completion sound, this broad host-wide discovery and patching behavior exceeds least-privilege expectations and can affect unintended installations, making the change hard to scope, audit, or roll back safely.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly states elsewhere that it patches bundled UI dist files and modifies every detected OpenClaw install, but the install-facing description does not prominently warn users at the point of action that local application files will be rewritten. This creates a meaningful transparency and consent problem: operators may run the installer believing it is a lightweight configuration change rather than a filesystem-wide patch across multiple installs, increasing the chance of unintended modification, breakage, or difficult rollback.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script performs in-place modification of installed application bundles and HTML files automatically, with no explicit consent prompt, warning, or review step. This is dangerous because it changes executable application assets on disk, can surprise users, and may break application integrity or update assumptions across multiple installs.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.