OpenFunderse Strategy
Security checks across malware telemetry and agentic risk
Overview
This skill is disclosed as a blockchain participant bot, but it asks for wallet-key authority and can submit financial/vault actions while mutating global OpenClaw runtime state.
Install only if you intend to run a blockchain bot with a dedicated low-balance participant wallet. Review the npm package before running it, keep explicit-submit required, leave auto-submit disabled unless intentional, restrict trusted relayer hosts, avoid HTTP outside local testing, and back up OpenClaw config before allowing env sync or gateway restart.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.