Openclaw Create Agent

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform the OpenClaw Feishu setup it advertises, but it handles Feishu app secrets unsafely while making persistent routing changes and restarting the gateway.

Install only if you intentionally want this skill to change OpenClaw Feishu routing. Before use, review the planned openclaw.json change, avoid sharing command output, and prefer patching the helper to read secrets from a safer source and redact appSecret from summaries.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The activation text is broad enough that the skill may trigger on generic requests to create or add an agent, even though it performs sensitive follow-up actions such as modifying persistent config and restarting the gateway. Over-broad invocation increases the risk of accidental execution in contexts where the user did not intend service disruption or config mutation.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The workflow directs the agent to read, back up, modify persistent config, and restart the gateway, but it does not require a clear warning and explicit consent immediately before those destructive or disruptive actions. This is dangerous because users may not realize the skill will alter durable routing state and interrupt running service behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal