Openclaw Starter

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent OpenClaw onboarding guide with optional local checks and setup instructions, but users should handle bot tokens and linked messaging accounts carefully.

Review recommended skills before bulk-installing them, especially automation, SSH, Docker, email, webhook, and code-running tools. Keep Telegram and Discord tokens out of source control, logs, screenshots, and shared chats, and prefer environment variables or the OpenClaw configuration flow. Only link WhatsApp accounts you are comfortable connecting to OpenClaw, and know how to revoke the linked session from WhatsApp settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
77% confidence
Finding
The declared purpose is a beginner guidance skill, but the analysis indicates the associated behavior also probes the local environment, installed tools, gateway state, and installed skills via subprocess calls. That creates a transparency problem: users may invoke a help skill without expecting local system enumeration, which can expose sensitive host metadata and normalize overbroad access for a low-trust onboarding component.

Vague Triggers

Medium
Confidence
82% confidence
Finding
Broad trigger phrases such as generic beginner-help requests can cause the skill to activate in ordinary conversation without clear user intent to run this specific onboarding workflow. In a skill that may perform diagnostics or suggest command execution, accidental activation increases the chance of unintended data exposure, confusing recommendations, or unreviewed actions being proposed to the user.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The statement that the skill will 'automatically recognize needs' lacks clear boundaries for when activation occurs and what actions follow. In context, this is more concerning because the skill appears capable of local environment inspection; ambiguous auto-activation increases the risk that a user receives system-derived guidance or diagnostic behavior without informed consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document instructs users to copy, store, and enter a Discord Bot Token but does not warn that the token is a sensitive secret equivalent to account credentials for the bot. In onboarding documentation for novice users, this omission increases the chance of accidental disclosure through screenshots, pasted configs, shell history, or committing YAML files to version control, which could let an attacker hijack the bot.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide instructs users to link a personal WhatsApp account to OpenClaw by scanning a QR code, but it does not explain what access OpenClaw will gain, what message or contact data may be exposed, or the privacy/security implications of keeping the session connected. In a beginner onboarding skill, users are more likely to follow these steps without understanding the trust boundary, which increases the risk of unintended account or data exposure.

VirusTotal

63/63 vendors flagged this skill as clean.
