
Security audit

Multi-Agent Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a local OpenClaw agent monitoring helper with disclosed, user-run scripts and no evidence of hidden persistence, credential theft, or destructive behavior.

Install this if you want local visibility into OpenClaw agents. Run it only in terminals or logs where workspace paths and session metadata are acceptable to show, and use the communication helper deliberately because it can send messages to configured agents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Low, 90% confidence

Finding
The script accepts a '--from' argument and presents itself as sending a message from one agent to another, but it never uses the sender identity in the actual send operation. This can create misleading audit logs, broken trust assumptions, or identity-spoofing at the workflow level if operators believe sender attribution is enforced when it is not.

Missing User Warnings

Medium, 84% confidence

Finding
The script silently enumerates agents, workspaces, models, and session counts from the local orchestration environment and prints them to stdout without any consent prompt or disclosure. In an agent-skill context, that can expose system topology and potentially sensitive workspace identifiers to a user or downstream consumer who did not expect internal inventory collection.

VirusTotal

65/65 vendors flagged this skill as clean.
