OpenClaw Ops Guardrails

Security checks across malware telemetry and agentic risk

Overview

This operations troubleshooting skill appears purposeful, but it includes under-scoped instructions that weaken approval controls and expose gateway credentials in shell commands.

Install only after reviewing the failure playbook. Do not leave approval prompts disabled, use any full-access mode only temporarily and under supervision, and replace command-line tokens with a safer secret mechanism such as an environment variable, secure prompt, or credential store.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The playbook explicitly tells operators to set `ask=off` to bypass approvals, but provides no guardrails, scope limits, or warning that this weakens an access-control mechanism. In an operations skill that standardizes troubleshooting, this can normalize permanent approval disablement and enable unauthorized remote execution if applied broadly or left enabled.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The probe command embeds a gateway token directly on the command line without any warning about shell history, process-list exposure, transcript logging, or redaction. In a CLI-focused ops workflow, operators are especially likely to paste such commands into terminals and shared logs, increasing the chance of credential leakage and subsequent unauthorized gateway access.
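A hardened way to run such a probe, as an added example that is neither the skill's own playbook nor SkillSpector's output. The page does not reproduce the probe command, so the gateway URL, the GATEWAY_TOKEN and GATEWAY_TOKEN_FILE variable names, the Bearer header and the use of curl are assumptions standing in for whatever the real probe uses. The token is taken from the environment, from a file that must be mode 0600 or 0400, or from an echo-off prompt, never from argv; it reaches curl as a config on stdin (`curl -K -`) so it shows up in neither `ps` nor shell history; and a redaction filter cleans a command line or transcript before it is pasted into a ticket.

```shell
#!/bin/sh
# Added example, not the OpenClaw skill's playbook or SkillSpector's output.
# The page does not reproduce the probe command, so the gateway URL, the
# GATEWAY_TOKEN / GATEWAY_TOKEN_FILE names, the Bearer header and curl are
# assumptions standing in for whatever the real probe uses.

# Resolve the gateway token without ever reading it from argv.
# Order: GATEWAY_TOKEN env var, then GATEWAY_TOKEN_FILE (must be 0600/0400),
# then an echo-off prompt if a terminal is attached.
load_token() {
    if [ -n "${GATEWAY_TOKEN:-}" ]; then
        printf '%s' "$GATEWAY_TOKEN"
        return 0
    fi
    if [ -n "${GATEWAY_TOKEN_FILE:-}" ]; then
        [ -f "$GATEWAY_TOKEN_FILE" ] || { echo "token file not found" >&2; return 1; }
        # GNU stat first, BSD/macOS stat as fallback.
        mode=$(stat -c '%a' "$GATEWAY_TOKEN_FILE" 2>/dev/null \
               || stat -f '%Lp' "$GATEWAY_TOKEN_FILE" 2>/dev/null)
        case "$mode" in
            600|400) ;;
            *) echo "refusing token file with mode $mode (want 600 or 400)" >&2; return 1 ;;
        esac
        tr -d '\n' < "$GATEWAY_TOKEN_FILE"
        return 0
    fi
    if [ -t 0 ]; then
        # Interactive fallback: echo off, so the secret hits neither argv nor history.
        printf 'Gateway token: ' >&2
        stty -echo; read -r tok; stty echo; echo >&2
        printf '%s' "$tok"
        return 0
    fi
    echo "no token: set GATEWAY_TOKEN or GATEWAY_TOKEN_FILE" >&2
    return 1
}

# Refuse a token on the command line: argv is readable by every process of the
# same user via ps, lands in shell history and gets pasted into transcripts.
reject_argv_token() {
    for a in "$@"; do
        case "$a" in
            --token|--token=*|*"Bearer "*)
                echo "refusing: token on the command line (visible in ps and history)" >&2
                return 2 ;;
        esac
    done
    return 0
}

# curl config text for the probe; fed to `curl -K -` on stdin so the token is
# in neither argv nor an on-disk file.
probe_config() {
    printf 'url = "%s"\nheader = "Authorization: Bearer %s"\nfail\nsilent\nshow-error\n' "$1" "$2"
}

# Usage: GATEWAY_TOKEN_FILE=/path/to/gateway-token probe_gateway https://gateway.example/health
probe_gateway() {
    reject_argv_token "$@" || return $?
    url=${1:?usage: probe_gateway URL}
    tok=$(load_token) || return 1
    probe_config "$url" "$tok" | curl -K -
}

# Redact --token VALUE, --token=VALUE and Bearer headers before a command line
# or transcript goes into a ticket, chat or shared log.
redact_tokens() {
    sed -E \
        -e 's/(--token[= ])[^[:space:]"]+/\1<REDACTED>/g' \
        -e 's/(Bearer )[^[:space:]"]+/\1<REDACTED>/g'
}
```

One caveat on the environment-variable route the overview recommends: a variable is still visible in `/proc/PID/environ` to the same user, is inherited by every child process, and ends up in crash dumps and `env` output pasted for debugging. The 0600 file or an OS credential store is the better default; the env var is acceptable for a single supervised session, and the `ps`-safe stdin config is what keeps the token off the process list either way.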

VirusTotal

64/64 vendors flagged this skill as clean.
