Back to plugin

Security audit

OpenClaw Swarm Layer

Security checks across malware telemetry and agentic risk

Overview

This package is a disclosed local workflow orchestrator for OpenClaw, with project-scoped state, optional ACP automation, and no artifact evidence of deception or exfiltration.

Install this only if you want OpenClaw to manage local project workflows. Expect local state and reports under .openclaw/swarm, optional Obsidian copies if configured, and a startup service. Keep ACP/autopilot disabled until you have reviewed allowed agents, runtime mode, and review policy; be careful with bulk approval commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The conversational patterns include broad natural-language examples such as "approve everything" and "what's happening?" without explicit activation boundaries or confirmation requirements. In an agent skill, that can cause overbroad matching and unintended execution of review or workflow actions when a user is merely discussing options, especially because this skill can dispatch runs, approve tasks, and alter workflow state.

Vague Triggers

Low
Confidence
71% confidence
Finding
The module router maps vague user intents like "Something broken, stuck, or failing" or "Check progress" to operational modules without clear disambiguation criteria. This can lead an agent to select powerful operational paths based on ambiguous conversational context, increasing the risk of unintended command execution or misleading workflow transitions.

VirusTotal

52/52 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/src/runtime/bridge-openclaw-session-adapter.js:57
Evidence
const child = spawn(argv[0], argv.slice(1), {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/src/runtime/bridge-openclaw-subagent-adapter.js:44
Evidence
const child = spawn(argv[0], argv.slice(1), {