Security audit

Openclaw Diary

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it should be reviewed because it sets up an automatic public diary publisher using broad GitHub repository access.

Install only if you want an automated diary publisher connected to GitHub. Prefer a fine-grained GitHub token limited to the single diary fork, keep the token out of chat and logs, require review before public pushes, and make sure you know how to stop the cron or heartbeat task and revoke the token.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly instructs the user to create a GitHub personal access token with broad `repo` permission, but it does not clearly state at the collection point that the token is highly sensitive, should never be pasted into public chat/logs, and should be stored only in a secure secret store. In this skill context, the token enables automated pushes to a repository, so mishandling could lead to repository compromise, malicious commits, or broader account impact depending on token scope.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal