Security audit

OpenClaw Workflow Architect

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only OpenClaw workflow design skill, and its file-writing guidance is disclosed and aligned with that purpose.

Install this only if you want help designing OpenClaw workflows. Treat generated .lobster and .prose files like executable automation: review them before running, confirm output paths, keep approval gates before side effects, and avoid running remote .prose URLs from untrusted sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 91%
Finding
The activation criteria are extremely broad, covering nearly any OpenClaw or workflow-related request. This can cause the skill to be invoked in contexts where it is unnecessary, increasing the chance of overreach, inappropriate file-generation guidance, or unintended influence over user workflows.

Vague Triggers

Low
Confidence: 83%
Finding
The phrase allowing activation when the user only describes requirements verbally lacks a clear threshold for when the skill should engage. That ambiguity can lead to premature activation and unnecessary workflow-authoring behavior without confirming the user's actual intent.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill explicitly supports creating real files in the user's workspace but does not prominently warn about filesystem modification or require explicit consent at activation time. In an agent setting, this raises the risk of unintended writes, especially when the skill is triggered broadly.

Missing User Warnings

Medium
Confidence: 88%
Finding
The workflow persistently writes multiple generated artifacts to disk under a configurable output directory without any explicit user-facing consent, path restriction, or safety guard visible in the skill. In agent environments, silent file creation can lead to unintended workspace modification, overwriting expected content, or placing sensitive/generated material in locations the user did not anticipate.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.