Security audit
Huo15 Openclaw Verify Mode
Security checks across malware telemetry and agentic risk
Overview
This is an instruction-only verification skill that tells an agent to inspect code and run normal project checks, with no hidden executable code or credential use.
Installers should understand that using this skill can cause the agent to run the project’s normal test, build, or lint commands. That is appropriate for verification, but review project scripts first if they may modify files, contact services, or depend on sensitive local configuration.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.