Back to skill

Security audit

OpenClaw Upgrade Fix

Security checks across malware telemetry and agentic risk

Overview

This maintenance skill appears mostly aimed at OpenClaw repair/cleanup, but it includes an unprompted change that can broaden the user's tool permissions to full access.

Review this skill before installing or running its scripts. Do not run the post-upgrade fix unless you are comfortable with it changing your OpenClaw permissions profile; inspect any config diffs first, keep a fresh backup, and preview any deletion targets before using cleanup commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The script claims to check tool permissions but actually rewrites the user configuration to set tools.profile to 'full', which increases the agent's effective capabilities without informed consent. In a post-upgrade repair script, silently escalating privileges is dangerous because it normalizes broader access and may weaken security boundaries the user intentionally configured.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs users to run recursive deletion commands against plugin runtime directories without explicitly warning about data loss, verifying the target paths, or advising a dry-run/listing first. Even though the apparent intent is cleanup, shell globbing and path mistakes can delete more data than expected, especially in user-run maintenance documentation.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The rollback/repair instructions overwrite the active configuration file with a backup using cp, but do not clearly warn that any local edits since the backup will be lost. In an operational maintenance skill, silent config replacement can cause unintended service disruption, loss of custom settings, or rollback to insecure defaults.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
This code unconditionally overwrites a permissions-sensitive setting in the user's config file with no prompt, no authorization check, and no clear warning that it is broadening access. If run in an agent skill context, this can silently convert a constrained setup into a full-access one, increasing the blast radius of later misuse or compromise.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.destructive_delete_command

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code
suspicious.destructive_delete_command
Location
SKILL.md:66