Security audit

openclaw-cheatsheet

Security checks across malware telemetry and agentic risk

Overview

This looks like a mostly documented command-reference skill, but it includes broad state-changing and unrelated external-service commands that users should review before installing.

Install only if you want an agent to have a broad OpenClaw administration reference. Before using it, require explicit confirmation for any send, create, set, unset, install, uninstall, delete, overwrite, restart, or script-run command, and treat the non-OpenClaw Google Calendar and Obsidian sections as out of scope unless you intentionally need those tools.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The README for an OpenClaw CLI cheatsheet includes a copy-pasteable `gog calendar create` command that is unrelated to the stated skill scope. In an agent skill context, mismatched operational examples can mislead users or downstream agents into executing unintended commands against external services, causing unauthorized actions or data changes outside OpenClaw.

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The skill is presented as an OpenClaw CLI cheatsheet, but it also documents unrelated Obsidian CLI operations and a discussion runner script that can create, overwrite, delete, and execute actions outside the declared scope. This broadens the operational surface available to an agent or user and can enable unintended file modification or command execution paths not expected from a simple reference skill.

Context-Inappropriate Capability

Medium
Confidence: 84%
Finding
A cheatsheet intended for command/flag reference includes state-changing configuration and daemon-management commands such as set, unset, install, uninstall, start, stop, and restart. In an agent setting, documenting these commands without guardrails can normalize unsafe operational changes and increase the chance of unauthorized or accidental service disruption and persistent config modification.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documented Discord message and thread commands transmit user-provided content to an external service, but the cheatsheet gives no warning about external data egress. In agent-assisted workflows, this can lead to accidental disclosure of sensitive prompts, secrets, or internal data to third-party systems.

Missing User Warnings

Medium
Confidence: 92%
Finding
The config set and unset examples modify persisted configuration, yet the cheatsheet does not warn that these changes are durable and may affect future agent or service behavior. This creates risk of accidental misconfiguration, persistence of unsafe settings, or tampering with operational bindings.

Missing User Warnings

High
Confidence: 95%
Finding
The cheatsheet includes destructive operations such as deleting agents, uninstalling services, overwriting notes, and deleting notes without any explicit warning about irreversible effects. In a tool-using agent environment, concise command references can be copied and executed directly, making accidental destructive actions materially more likely.

VirusTotal

64/64 vendors flagged this skill as clean.
