Security audit

openclaw-agent-onboarding

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed OpenClaw onboarding helper that can propose installs and create local setup files, with confirmation gates for risky changes.

Before approving actions, review every npm, ClawHub, GitHub, or ZIP source, prefer allowlisted ClawHub packages, and use plan-only mode if you do not want local files or skills changed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill explicitly instructs the agent to run shell commands such as `npm i -g clawhub` and `clawhub install ...`, and to read or run helper scripts in `scripts/`, yet it declares no permissions. That mismatch is dangerous because users and enforcement layers may assume the skill is advisory-only when it can actually trigger system changes, installs, or script execution in a bootstrap context.

Missing User Warnings

Medium
Confidence: 96%
Finding: The baseline explicitly recommends installing skills from external GitHub repositories and even a backup ZIP URL, which bypasses the stated allowlist/manual-confirmation safety model unless additional trust checks are enforced. In an onboarding/bootstrap skill, these recommendations are more dangerous because users are likely to follow them during initial setup, creating a supply-chain risk from tampered repos, swapped tags, or modified ZIP artifacts.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.