Openclaw Doc Helper
Security checks across malware telemetry and agentic risk
Overview
The available evidence shows purpose-aligned ClawHub/Convex workflow guidance with disclosed local CLI and staff-action commands, not hidden or deceptive behavior.
Install only if you are comfortable with skills that guide local development commands and, for maintainer workflows, authenticated ClawHub/GitHub actions. Review the autoreview and moderation sections before use, especially where code may be sent to reviewer CLIs or where staff commands can change public ClawHub state.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.