openclaw agent reputation

Security checks across malware telemetry and agentic risk

Overview

This blockchain reputation skill appears legitimate, but it can spend wallet gas and create permanent public reputation records without clearly requiring explicit confirmation first.

Review before installing. Use a dedicated low-balance wallet, prefer Base Sepolia/testnet, and require the agent to show the exact action, wallet, network, gas estimate, target identity, and permanence before approving any create identity or attestation transaction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 90%

Finding
The skill explicitly encourages natural-language use where the agent "automatically calls relevant tool functions," which can lead to unintended invocation of blockchain-writing actions from ambiguous user prompts. In this context, unintended activation is especially risky because some tools trigger irreversible on-chain transactions and may spend funds via the configured wallet private key.

Missing User Warnings

Severity: Medium
Confidence: 96%

Finding
The skill requires a PRIVATE_KEY and supports on-chain actions that incur gas costs and create permanent records, but the quick-start and usage guidance do not provide a strong pre-execution warning or mandatory confirmation before spending funds. In a blockchain skill, this omission materially increases the risk of users or downstream agents performing irreversible transactions unintentionally or with real assets.

VirusTotal

49/49 vendors flagged this skill as clean.