Security audit

OpenClaw VLN Planner

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed robot navigation planner with real privacy and safety cautions, but the artifacts are coherent and do not show hidden or malicious behavior.

Use this only with a trusted multimodal gateway and assume robot camera frames and navigation context may leave the device. Keep dry_run enabled during testing, add human supervision and independent safety controls before connecting a real robot, store the API key outside plaintext config where possible, and pin/audit the Python dependencies before deployment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill instructs the runtime to read local configuration files and use an OpenAI-compatible multimodal gateway with a base URL and API key, which implies file-read and network capabilities. Because these capabilities are not explicitly declared as permissions, the host may expose more access than reviewers or operators expect, creating a trust and containment gap that could lead to unintended data access or outbound transmission of images, instructions, and robot state.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
PyYAML>=6.0.1
Confidence
94% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
PyYAML>=6.0.1
Confidence
95% confidence
Finding
PyYAML>=6.0.1

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
82% confidence
Finding
requests

Known Vulnerable Dependency: PyYAML — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
93% confidence
Finding
PyYAML

VirusTotal

65/65 vendors flagged this skill as clean.