Teleport Machine ID tbot Bootstrap (MacOS LaunchAgent)

Security checks across malware telemetry and agentic risk

Overview

This skill transparently sets up a persistent macOS Teleport bot identity, which is sensitive but matches its stated purpose.

Install only if you intend this Mac user account to maintain a persistent Teleport machine identity for automation. Use least-privilege Teleport roles and label-scoped access, protect the onboarding token or registration secret, review the generated plist and tbot config, and restrict permissions on the tbot directory and files. Before cleanup, confirm the rm paths point only to this skill's LaunchAgent and tbot directory.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The script accepts sensitive bootstrap credentials (`--token` or `--registration-secret`) and then creates persistent bot configuration, state, identity, and log files under a user-writable directory without warning the operator or explicitly restricting permissions. In the context of a Teleport Machine ID bootstrapper, these files can contain material that enables continued authentication or reveals operational details, so silent persistence increases the risk of credential exposure and unintended long-term access.

Tool Parameter Abuse

High

Category: Tool Misuse
Content: ## Uninstall / cleanup - `launchctl bootout gui/$(id -u)/com.openclaw.tbot` - `rm -f ~/Library/LaunchAgents/com.openclaw.tbot.plist` - Remove bot files if desired: `rm -rf ~/.openclaw/workspace/tbot`
Confidence: 74% confidence
Finding: rm -f ~/Library/LaunchAgents/com.openclaw.tbot.plist` - Remove bot files if desired: `rm -rf ~

Tool Parameter Abuse

High

Category: Tool Misuse
Content: ## Uninstall / cleanup - `launchctl bootout gui/$(id -u)/com.openclaw.tbot` - `rm -f ~/Library/LaunchAgents/com.openclaw.tbot.plist` - Remove bot files if desired: `rm -rf ~/.openclaw/workspace/tbot`
Confidence: 74% confidence
Finding: rm -f ~/Library/LaunchAgents/

Tool Parameter Abuse

High

Category: Tool Misuse
Content: - `launchctl bootout gui/$(id -u)/com.openclaw.tbot` - `rm -f ~/Library/LaunchAgents/com.openclaw.tbot.plist` - Remove bot files if desired: `rm -rf ~/.openclaw/workspace/tbot`
Confidence: 78% confidence
Finding: rm -rf ~/.openclaw/workspace/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal