Back to skill

Security audit

Git Watcher

Security checks across malware telemetry and agentic risk

Overview

This skill is a local Git checkpoint tool for OpenClaw config, but it can stage broad local changes and rewrite live credential files while making stronger secret-safety claims than the code supports.

Install only if you are comfortable with a local Git repository being created inside ~/.openclaw and with the tool touching credential files. Back up ~/.openclaw first, review exactly which files will be committed, avoid committing real credentials, and prefer excluding credentials or using sanitized staging copies rather than rewriting live credential files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The commit workflow derives files from `git status --porcelain` for the entire `~/.openclaw` tree and stages every changed path except nested git repos, rather than restricting staging to `TRACKED_PATHS`. In this skill context, that is dangerous because the tool is marketed as a configuration checkpoint manager, yet it can silently commit unrelated files from the user's OpenClaw workspace, increasing the chance of persisting sensitive or unintended data.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list includes broad phrases such as "restore", "rollback", and "what changed", which are common in normal conversation and could cause the skill to activate unintentionally. Because this skill performs version-control actions over configuration and supports rollback behavior, accidental invocation could lead to disruptive or unintended state changes, especially if later steps are automated by the agent.

Vague Triggers

Medium
Confidence
80% confidence
Finding
Broad trigger phrases for restore behavior can cause the skill to activate on ordinary language such as 'undo this' or 'go back,' leading to accidental rollback flows. In a skill that can overwrite configuration files and invoke checkout/reset operations, overbroad activation materially raises the risk of unintended destructive actions.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.