config-new-agent
Security checks across malware telemetry and agentic risk
Overview
This admin skill is transparent about its goal, but it deserves review because it changes OpenClaw routing, installs multiple other skills, and enables a persistent self-improving agent.
Install only if you intend this skill to administer OpenClaw agent bindings and bootstrap new agent workspaces. Before use, verify the exact agent ID and Feishu group ID, review the full openclaw.json diff, back up the configuration, approve each additional skill installation, and confirm you know how to stop the always-running self-improving agent and remove its stored state.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.