agent-init

Security checks across malware telemetry and agentic risk

Overview

This skill is a user-directed OpenClaw workspace initializer with one disclosed setup risk: an optional command that installs uv by running a remote script.

Install this only if you want an agent to help create or update OpenClaw workspace instruction files. Review every generated file before approving writes, keep secrets out of workspace markdown, verify the correct host/container path, and prefer a trusted package manager or reviewed installer over the optional curl-piped uv install command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding: The skill directs use of `curl ... | sh` to fetch and immediately execute a remote installer script. This bypasses normal integrity review and grants arbitrary code execution from a network resource, which is significantly broader and riskier than merely configuring workspace markdown files.

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding: The script executes a remote installer directly with `curl ... | sh`, which allows arbitrary code from the network endpoint or any upstream compromise to run immediately in the user's shell. In an agent initialization skill, this is especially risky because users may run it during setup with elevated trust and possibly broad local permissions.

VirusTotal

64/64 vendors flagged this skill as clean.
