Myway Personal OS

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward setup guide for a local Myway dashboard using OpenClaw, with normal installer and troubleshooting risks disclosed.

Before installing, review or pin the `@uchibeke/myway` npm package if supply-chain risk matters to you, avoid pointing `MYWAY_ROOT` at highly sensitive directories, and inspect the process using port 48291 before killing it. The supplied VirusTotal status is pending and static/SkillSpector scans did not show artifact-backed malicious behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The troubleshooting advice includes `fuser -k 48291/tcp`, which forcefully kills whatever process is bound to that port without warning the user to verify the target first. In an installation/troubleshooting skill, this can accidentally terminate unrelated local services if the expected app is not actually the one listening, causing avoidable disruption.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal