OpenClaw Safe Config Rollback

Security checks across malware telemetry and agentic risk

Overview

This is a local rollback helper that can run user-supplied shell commands, but that capability is visible and aligned with applying and validating OpenClaw config changes.

Install only if you want a shell-based local helper for OpenClaw config rollback. Before each use, inspect the exact --apply-cmd, --apply-file, and --health-cmd values, avoid building them from untrusted text, and use --require-ack for changes where automatic rollback matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

High
Confidence: 96%
Finding
This script directly executes user-supplied content via `bash "$APPLY_FILE"` or `bash -lc "$APPLY_CMD"`, which makes it a general-purpose code execution wrapper rather than a narrowly scoped config rollback helper. In the context of an agent skill, this is dangerous because any caller or upstream prompt/input that influences these arguments can trigger arbitrary shell execution with the user's privileges, while the rollback behavior may create a false sense of safety.

Missing User Warnings

Medium
Confidence: 93%
Finding
Arbitrary shell execution from untrusted input is inherently hazardous, and here it is exposed without meaningful guardrails beyond status logging. The skill's stated purpose is safe config application with rollback, so accepting unrestricted shell commands materially increases risk because callers may assume the helper is constrained when it is actually capable of running any command.

VirusTotal

64/64 vendors flagged this skill as clean.
