OpenClaw Rescue Instances

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for OpenClaw rescue gateways, but it creates persistent background services and includes an unsafe deletion path that users should review before installing.

Install only if you intentionally want macOS LaunchAgent services that keep OpenClaw gateways running in the background. Before use, add or require confirmation for delete operations, restrict instance names to a safe pattern like rescue plus digits, review copied OpenClaw config for credentials or account settings, and verify the hard-coded Node/OpenClaw paths match your machine.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Rogue AgentSelf-Modification, Session Persistence
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (13)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly documents deletion of rescue instances and their configuration directories, but does not mention that this may irreversibly remove local state, credentials, sessions, logs, and agent data. In an agent setting, a user may issue a natural-language delete request and the skill could perform destructive actions without an explicit confirmation or backup step, causing avoidable data loss.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill describes creating isolated instance directories that include credentials, sessions, logs, and agent data, but does not warn users that sensitive material will be duplicated and persisted on disk per instance. This increases the attack surface and risk of credential exposure, especially on shared machines or when users assume the rescue instance is ephemeral.

Session Persistence

Medium

Category: Rogue Agent
Content: echo "✓ 配置文件：$RESCUE_DIR/openclaw.json" # 3. 创建 LaunchAgent plist PLIST_FILE="$HOME/Library/LaunchAgents/ai.openclaw.gateway-$RESCUE_NAME.plist" cat > "$PLIST_FILE" << EOF <?xml version="1.0" encoding="UTF-8"?>
Confidence: 89% confidence
Finding: plist

Session Persistence

Medium

Category: Rogue Agent
Content: echo "✓ 配置文件：$RESCUE_DIR/openclaw.json" # 3. 创建 LaunchAgent plist PLIST_FILE="$HOME/Library/LaunchAgents/ai.openclaw.gateway-$RESCUE_NAME.plist" cat > "$PLIST_FILE" << EOF <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
Confidence: 89% confidence
Finding: PLIST

Session Persistence

Medium

Category: Rogue Agent
Content: echo "✓ 配置文件：$RESCUE_DIR/openclaw.json" # 3. 创建 LaunchAgent plist PLIST_FILE="$HOME/Library/LaunchAgents/ai.openclaw.gateway-$RESCUE_NAME.plist" cat > "$PLIST_FILE" << EOF <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
Confidence: 89% confidence
Finding: plist

Session Persistence

Medium

Category: Rogue Agent
Content: # 3. 创建 LaunchAgent plist PLIST_FILE="$HOME/Library/LaunchAgents/ai.openclaw.gateway-$RESCUE_NAME.plist" cat > "$PLIST_FILE" << EOF <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0">
Confidence: 88% confidence
Finding: PLIST

Session Persistence

Medium

Category: Rogue Agent
Content: PLIST_FILE="$HOME/Library/LaunchAgents/ai.openclaw.gateway-$RESCUE_NAME.plist" cat > "$PLIST_FILE" << EOF <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key>
Confidence: 88% confidence
Finding: plist

Session Persistence

Medium

Category: Rogue Agent
Content: PLIST_FILE="$HOME/Library/LaunchAgents/ai.openclaw.gateway-$RESCUE_NAME.plist" cat > "$PLIST_FILE" << EOF <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key>
Confidence: 88% confidence
Finding: PLIST

Session Persistence

Medium

Category: Rogue Agent
Content: cat > "$PLIST_FILE" << EOF <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>ai.openclaw.gateway-$RESCUE_NAME</string>
Confidence: 88% confidence
Finding: plist

Session Persistence

Medium

Category: Rogue Agent
Content: <string>2026.3.24</string> </dict> </dict> </plist> EOF echo "✓ 服务文件：$PLIST_FILE"
Confidence: 87% confidence
Finding: plist

Session Persistence

Medium

Category: Rogue Agent
Content: </dict> </plist> EOF echo "✓ 服务文件：$PLIST_FILE" # 4. 加载并启动服务 launchctl load "$PLIST_FILE"
Confidence: 91% confidence
Finding: PLIST

Session Persistence

Medium

Category: Rogue Agent
Content: echo "✓ 服务文件：$PLIST_FILE" # 4. 加载并启动服务 launchctl load "$PLIST_FILE" echo "✓ 服务已加载" # 5. 等待启动并检查
Confidence: 90% confidence
Finding: launchctl load

Session Persistence

Medium

Category: Rogue Agent
Content: echo "✓ 服务文件：$PLIST_FILE" # 4. 加载并启动服务 launchctl load "$PLIST_FILE" echo "✓ 服务已加载" # 5. 等待启动并检查
Confidence: 90% confidence
Finding: PLIST

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal