Check Axios Malware

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local incident-check skill with disclosed diagnostic commands and risky cleanup examples that users should handle carefully.

Install this only if you want local npm/OpenClaw incident-response guidance. Before running cleanup commands, confirm the exact directory, prefer a backup or disposable copy, and avoid deleting node_modules or package directories on production systems without a recovery plan.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The incident response section includes destructive remediation steps (`rm -rf /path/to/plain-crypto-js`, `rm -rf node_modules && npm install`) without requiring confirmation, backup, or validation of the target path. In an agent skill context, users or automation may execute copied commands directly, so an imprecise or templated deletion command can cause accidental data loss or deletion of the wrong directory.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal