Security audit

Gateway Sentinel

Security checks across malware telemetry and agentic risk

Overview

This watchdog is purpose-aligned, but it runs persistently and can automatically mutate the user’s Git workspace and duplicate alert secrets into service configuration, so it deserves careful review before installation.

Install only if you want an always-on OpenClaw watchdog that can restart services and change the configured Git workspace. Before enabling it, review ~/.openclaw/guardian.env permissions, check the generated service file for copied secrets, verify .gitignore coverage, and leave GUARDIAN_ENABLE_ROLLBACK=false unless you have tested recovery and accept git reset risks.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 85% confidence
Finding: The skill documentation describes extensive shell-driven capabilities including service installation, process control, git operations, and network alerting, but it declares no explicit permissions. This creates a trust and review gap: users or platforms may approve the skill without understanding it can execute privileged local actions and persist as a background service.

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The rollback path uses `git reset --hard` after an attempted stash and claims it will never lose user changes, but `git stash push` may not capture all relevant state and `git stash pop` can fail, leaving changes unapplied after a destructive reset. In a watchdog that can run unattended, this creates a real risk of silent data loss or operational breakage during an automated repair.

Intent-Code Divergence

Low

Confidence: 92% confidence
Finding: The comment suggests secrets are safe if `.gitignore`d, but the snapshot logic blindly runs `git add -A`, which will stage any unignored files, including accidentally created credentials, tokens, dumps, or config files. In a tool designed to auto-commit daily snapshots, this can persist sensitive data to repository history without operator review.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal