Openclaw Skill
Security checks across malware telemetry and agentic risk
Overview
The skill is openly a security gatekeeper, but it relies on unbundled CORD engine code loaded from environment or local paths, which users should review before trusting it.
Install only if you want CORD to act as a broad gatekeeper for agent actions. Before relying on it, verify the actual cord_engine source and version, avoid pointing CORD_ENGINE_PATH at untrusted directories, and treat status output as sensitive because it may reveal recent intents, commands, paths, and network targets.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.