Neural Network Ops

Security checks across malware telemetry and agentic risk

Overview

This operations skill mostly matches its purpose, but it includes an unchecked command that can delete OpenClaw session history.

Use this only on an OpenClaw server you administer. Before running the session-reset block, make a backup of the sessions directory, confirm that losing stored session history is acceptable, and explicitly approve any service restart or file deletion.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs deletion of all session files and recreation of the session index without any explicit warning that this will destroy conversation state. In an agent skill, operators may follow the playbook directly, so omission of a data-loss warning and safer recovery alternatives makes accidental destructive action likely.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal