Maxclaw Helper 1.1.0

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only MaxClaw/OpenClaw helper skill with broad activation wording but no hidden code, persistence, or privileged behavior.

Before installing, be aware that this skill may activate on generic help or troubleshooting phrases, so verify it is relevant to your MaxClaw/OpenClaw question. It may direct the agent to consult OpenClaw docs or a MiniMax Feishu wiki, but the artifact does not itself run code or request credentials.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger list is extremely broad and includes common phrases such as 'how to', 'can I', 'setup', 'configure', and 'failed to', which are likely to appear in many unrelated conversations. This can cause the skill to activate outside its intended MaxClaw/OpenClaw support context, leading to context hijacking, unnecessary tool use, or misrouting users into this skill instead of more appropriate logic.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal