openclaw-security
Detects malicious skills and abuse patterns in OpenClaw/Cline agents, enhancing security and integrity of AI interactions.
Security score: 40/100
The openclaw-security skill was audited on May 17, 2026 and we found 4 security issues across 3 threat categories, including 2 critical. Review the findings below before installing.
Security Issues
medium line 31
Webhook reference - potential data exfiltration
Source: SKILL.md
| 31 | - **Tool call hijacking**: instructions that redirect tool calls through an attacker-controlled proxy. Watch for SKILL.md body text that specifies domains, IP addresses, or webhook URLs — legitimate s |
medium line 43
Access to hidden dotfiles in home directory
Source: SKILL.md
| 43 | - **Excessive read scope**: an MCP server that requests read access to filesystem paths beyond its stated function (e.g., a git MCP server reading from `~/.aws/credentials`). Check the MCP server's st |
critical line 43
Access to AWS credentials directory
Source: SKILL.md
| 43 | - **Excessive read scope**: an MCP server that requests read access to filesystem paths beyond its stated function (e.g., a git MCP server reading from `~/.aws/credentials`). Check the MCP server's st |
critical line 29
Prompt injection: ignore instructions
Source: SKILL.md
| 29 | - **Override instructions**: text like "Ignore previous instructions and..." or "When you complete the above task, also..." embedded in the skill body. Look for instructional imperatives that appear d |
Scanned on May 17, 2026