ClawHub

openclaw-reference

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only OpenClaw reference skill with sensitive operational guidance, but no executable code or hidden behavior was found.

Safe to install as a static reference, but do not let an agent run the documented commands automatically. Explicitly review anything that bypasses plugin security scans, installs or updates plugins, changes credentials or auth, starts persistent services, schedules external delivery, resets state, or enables wallet/payment flows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation explicitly advertises `--dangerously-force-unsafe-install` and notes that it can bypass the security scan, but it does not pair that capability with a clear warning about trust boundaries, code-execution risk, or when its use is acceptable. In a plugin ecosystem, unsafe installs can introduce arbitrary code execution through untrusted plugins, so normalizing this flag without strong caution materially increases operator risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The file documents commands such as `openclaw doctor --fix`, `openclaw reset`, and `openclaw uninstall` in a reference section without prominent warnings about configuration changes, data loss, service disruption, or irreversible actions. Even in documentation, omission of destructive-action warnings can lead users or downstream agents to invoke these commands unsafely in automation or recovery scenarios.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The documentation states that the x402 plugin 'auto-signs Solana USDC payments' after HTTP 402 responses, but it does not pair that capability with an explicit warning that real funds may be spent or that user consent/budget controls are required. In an agent provisioning or plugin-development context, this can normalize silent payment behavior and lead operators to enable a flow that triggers unintended financial transactions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal