Active Maintenance

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed maintenance helper, but users should inspect the referenced local cleanup script before running it.

Install only if you want an agent to perform local maintenance. Before running it, open and review /root/.openclaw/workspace/scripts/nightly_optimizer.py and confirm TEMP_DIRS, file age rules, exclusions, and logging match what you are comfortable deleting.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly advertises automatic cleanup that removes aged temporary files and artifacts, but the documentation provides no safeguards such as scoping, dry-run mode, exclusions, confirmation, or backup guidance. In a maintenance skill, automated deletion is contextually plausible, but without clear limits it can still cause unintended data loss or deletion of files that are only temporarily inactive rather than truly disposable.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal