Exec Inspector

Security checks across malware telemetry and agentic risk

Overview

Exec Inspector is a legitimate local history viewer, but it asks agents to expose sensitive command logs and promotes persistent monitoring without enough scoping or warnings.

Install only if you are comfortable with an agent reading local OpenClaw session logs. Avoid enabling the daemon unless you have reviewed its actual script, stop it when done, prefer direct one-shot queries, and redact history exports or full JSON records before sharing them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Behavioral ASTexec() Call, eval() Call, Dynamic Import
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (12)

Context-Inappropriate Capability

Medium

Confidence: 93% confidence
Finding: The skill goes beyond passive inspection and explicitly documents starting, stopping, and tailing a background daemon that continuously monitors exec activity. That expands the capability from read-only analysis into persistent surveillance and long-running process management, which increases privacy and operational risk.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The skill instructs creation of executable scripts under ~/.openclaw/scripts and recommends shell aliases in rc files, which modifies the user's environment rather than only analyzing existing history. Environment modification and installation steps create persistence and can surprise users who only requested inspection functionality.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The quickstart instructs users to append aliases directly into ~/.zshrc and ~/.bashrc and immediately source the modified file, but it does not clearly warn that this creates a persistent change to the user's shell environment. Persistent profile modification can surprise users, complicate rollback, and normalize editing startup files for convenience without explaining trust implications.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The guide encourages listing, searching, and analyzing exec command history without warning that command histories may contain sensitive data such as secrets pasted into commands, internal hostnames, repository paths, or operational activity. Exposing or normalizing access to this history increases privacy and security risk, especially when the tool may be used through an AI assistant.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The README encourages exporting full execution history and viewing complete JSON records, but does not warn that these records can contain sensitive commands, session identifiers, model metadata, and usage details. In an agent environment, shell commands and history often include secrets, internal paths, repository names, or operational context, so promoting unrestricted export increases the chance of accidental disclosure or insecure sharing.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The README instructs users to inspect raw session files and grep exec records directly from local session logs without noting that these logs may expose sensitive operational history. Such files can reveal command contents, timestamps, session IDs, and other metadata that may aid credential discovery, environment mapping, or forensic reconstruction if copied or shared carelessly.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The markdown directs the AI to immediately execute commands that reveal exec history based on natural-language triggers, without prompting the user about the sensitivity of command history. Command logs often contain secrets, internal paths, tokens, or operational details, so auto-disclosure is risky even when the user asks broadly.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The daemon-mode guidance enables continuous background monitoring and real-time output of every exec action, but does not present an in-context warning about privacy, retention, or performance implications. Continuous monitoring substantially raises the chance of exposing sensitive activity beyond the user's immediate intent.

Missing User Warnings

Low

Confidence: 85% confidence
Finding: The alias/setup instructions encourage writing to shell startup files and executable paths without directly warning that they permanently modify the user's environment. Even if the change is not inherently malicious, hidden persistence and configuration changes can violate user expectations and complicate recovery.

Ssd 3

Medium

Confidence: 95% confidence
Finding: The skill encourages direct retrieval and presentation of exec history and detailed session records in normal conversation flows. Those records can contain sensitive commands, file paths, credentials pasted into shells, and internal operational context, so exposing them in plain language creates a meaningful confidentiality risk.

Ssd 3

High

Confidence: 97% confidence
Finding: The daemon guidance describes persistent automatic capture and continuous output of every exec action, which effectively creates an always-on activity logger. This materially increases surveillance and disclosure risk because sensitive commands and workflows may be collected and displayed without narrow scoping or per-event consent.

Ssd 3

High

Confidence: 98% confidence
Finding: The skill explicitly instructs viewing complete exec tool call details including inputs and outputs from session files. Inputs and outputs can contain secrets, proprietary data, and sensitive user content far beyond simple command names, making this a direct path to overexposure of confidential information.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal