Back to skill

Security audit

status-monitor

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it uploads OpenClaw agent IDs to a cloud status dashboard, but users should understand the credential and background-sync implications before enabling it.

Install only if you trust the monitoring dashboard and are comfortable sharing your OpenClaw agent IDs and heartbeat timing with it. Prefer setting the token through the documented environment variable or a local credential file rather than pasting secrets into chat, protect or rotate the token if exposed, and use the documented stop command before uninstalling or when you no longer want background uploads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The installation guide instructs users to enable periodic uploads of agent identifiers to a third-party cloud service and to provide an authentication token to OpenClaw, but it does not clearly disclose the trust boundary, retention, access, or compromise implications. In a security-sensitive agent ecosystem, lack of explicit consent and credential-handling guidance can lead users to expose operational metadata and secrets without understanding the risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly promotes automatic syncing of agent status to a cloud dashboard, but it does not clearly foreground that this is an ongoing background network transmission to a third-party service. Even if only agent IDs are sent, persistent telemetry can expose operational presence, activity timing, and infrastructure metadata, creating privacy and monitoring risks if users enable it without informed consent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README promotes automatic synchronization of agent status and IDs to a remote cloud dashboard, but it does not clearly and prominently warn users that operational metadata will be transmitted off-host. This can lead to uninformed deployment of a monitoring feature that exposes agent presence, activity patterns, and identifiers to a third-party service, creating privacy, confidentiality, and compliance risks.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger set includes broad phrases such as 'sync status', 'start daemon', 'run in background', and similar everyday language that could be spoken in unrelated contexts. Because the skill can start background processes and perform uploads, accidental invocation could enable persistent monitoring or network activity without deliberate user intent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The description says the skill syncs agent online status to a cloud monitoring platform but does not clearly warn users that agent IDs and status metadata will be periodically uploaded remotely. This weak disclosure is dangerous because users may enable continuous background syncing without understanding what telemetry leaves the local system.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill instructs the user to paste a monitoring token directly into the chat interface, then stores it for later use. Collecting secrets through natural-language chat exposes credentials to model logs, transcripts, prompt history, screenshots, or downstream integrations, turning the agent itself into a credential collection channel.

Missing User Warnings

High
Confidence
99% confidence
Finding
The example conversation includes a full token value in plaintext, normalizing unsafe credential handling and providing a copyable pattern for users to follow. Even if the token is an example, displaying a realistic secret format in documentation encourages disclosure of real credentials through the chat channel.

Ssd 3

Medium
Confidence
98% confidence
Finding
This section explicitly tells the user to send the token to the agent and then persists it to disk, creating a direct credential ingestion path through the model interface. That is dangerous because it increases the chance of secret exposure in chat logs and combines secret collection with local persistence, expanding both confidentiality and compromise risks.

Ssd 3

Medium
Confidence
96% confidence
Finding
The error-handling and example sections repeatedly tell users to 'send me the token' and show this as normal recovery behavior. Repetition makes the insecure pattern more likely to be followed and increases the odds that users disclose valid credentials during troubleshooting or routine operation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.destructive_delete_command

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code
suspicious.destructive_delete_command
Location
INSTALL.md:156