Openclaw Gateway Fd Fix

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate OpenClaw repair helper, but it can bulk-delete workspace folders and persistently change a macOS LaunchAgent, so it needs careful review before use.

Install only if you are intentionally repairing OpenClaw Gateway on macOS. Before running `fix.sh`, inspect every listed `.venv` and `node_modules` directory and keep anything not easily recreated. Prefer moving large folders out of `~/.openclaw/workspace` over bulk deletion, and review the LaunchAgent backup and final plist before trusting the service restart.

SkillSpector

By NVIDIA

Vulnerability Patterns

Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill presents destructive `rm -rf` commands that delete directories under the user's workspace without any explicit warning about irreversible data loss, verification step, or confirmation prompt. Even if intended for troubleshooting, users may have important project environments or dependencies in those paths and could lose work unexpectedly.

Tool Parameter Abuse

High

Category: Tool Misuse
Content: 1. **Remove large directories from workspace**: ```bash # Never put these inside ~/.openclaw/workspace/: rm -rf ~/.openclaw/workspace/*/.venv rm -rf ~/.openclaw/workspace/*/node_modules # Move datasets/models/venvs to ~/Downloads/ or /tmp/ ```
Confidence: 90% confidence
Finding: rm -rf ~/.openclaw/workspace/*/.venv rm -rf ~

Tool Parameter Abuse

High

Category: Tool Misuse
Content: 1. **Remove large directories from workspace**: ```bash # Never put these inside ~/.openclaw/workspace/: rm -rf ~/.openclaw/workspace/*/.venv rm -rf ~/.openclaw/workspace/*/node_modules # Move datasets/models/venvs to ~/Downloads/ or /tmp/ ```
Confidence: 90% confidence
Finding: rm -rf ~/.openclaw/workspace/*/

Tool Parameter Abuse

High

Category: Tool Misuse
Content: ```bash # Never put these inside ~/.openclaw/workspace/: rm -rf ~/.openclaw/workspace/*/.venv rm -rf ~/.openclaw/workspace/*/node_modules # Move datasets/models/venvs to ~/Downloads/ or /tmp/ ``` 2. **Update LaunchAgent resource limits**:
Confidence: 89% confidence
Finding: rm -rf ~/.openclaw/workspace/*/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal