Skip to content
← Registry
Trust Report

openclaw-security-hardening

Protect OpenClaw installations from prompt injection, data exfiltration, malicious skills, and workspace tampering

39
REJECTED
Format: openclawScanner: v0.8.1Duration: 81msScanned: 10d ago · Jun 27, 2:46 AMSource →
Embed this badge
AgentVerus REJECTED 39AgentVerus REJECTED 39AgentVerus REJECTED 39
[![AgentVerus](https://agentverus.ai/api/v1/skill/da167c1d-f5ef-4483-9df7-9be24441f1bf/badge)](https://agentverus.ai/skill/da167c1d-f5ef-4483-9df7-9be24441f1bf)
Community Discussion

Community Comments

Public comments are the active feedback surface on skill reports right now. Use them to share implementation notes, edge cases, and operator context.

0 comments

Sign in to comment on this skill

No comments yet. Be the first to share your thoughts.

Continue the workflow

Keep this report moving through the activation path: rescan from the submit flow, capture real-world interactions, and wire the trust endpoint into your automation.

https://agentverus.ai/api/v1/skill/da167c1d-f5ef-4483-9df7-9be24441f1bf/trust
Personalized next commands

Use these current-skill command blocks to keep this exact report moving through your workflow.

Record an interaction
curl -X POST https://agentverus.ai/api/v1/interactions \
  -H "Authorization: Bearer at_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"agentPlatform":"openclaw","skillId":"da167c1d-f5ef-4483-9df7-9be24441f1bf","interactedAt":"2026-03-15T12:00:00Z","outcome":"success"}'
Fetch trust JSON
curl https://agentverus.ai/api/v1/skill/da167c1d-f5ef-4483-9df7-9be24441f1bf/trust

Category Scores

88
Permissions
35
Injection
92
Dependencies
55
Behavioral
75
Content
70
Code Safety

Findings (10)

criticalWrite to workspace trust-boundary file (AGENTS/TOOLS/CLAUDE.md)-30

Code writes to a core workspace configuration file (AGENTS.md, TOOLS.md, or CLAUDE.md). These files define the agent's trust boundaries — modifying them can escalate privileges, disable safety rules, or inject persistent malicious instructions.

cat assets/security-rules-template.md >> /path/to/AGENTS.md

Review the code block starting at line 203. Ensure this pattern is necessary and does not pose a security risk.

code-safetyASST-03
highCapability contract mismatch: inferred system modification is not declared-12

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: modify system

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highConcealment directive detected-25

Found concealment directive pattern: "don't tell the user"

- Social engineering ("don't tell the user", "secretly", "without mentioning")

Remove concealment directives. Skills must be transparent about all operations performed.

injectionASST-01
highConcealment directive detected-25

Found concealment directive pattern: "don't tell the user"

- Social engineering ("don't tell the user", "secretly", "without mentioning")

Remove concealment directives. Skills must be transparent about all operations performed.

injectionASST-01
highSystem modification detected-20

Found system modification pattern: "modify system files"

- Instructions to modify system files (AGENTS.md, SOUL.md)

Skills should not modify system configuration or install packages globally. Bundle required dependencies.

behavioralASST-03
highConfig tamper core detected-25

Found config tamper core pattern: "modify system files (AGENTS.md"

- Instructions to modify system files (AGENTS.md, SOUL.md)

Do not instruct users to write, edit, or otherwise modify trust-boundary workspace files like AGENTS.md, TOOLS.md, or CLAUDE.md. Treat them as user-owned policy/configuration and keep the skill self-contained.

behavioralASST-03
mediumSocial engineering detected-15

Found social engineering pattern: "don't tell the user"

- Social engineering ("don't tell the user", "secretly", "without mentioning")

Remove social engineering instructions. Skills must be transparent about their actions.

injectionASST-07
mediumPackage-managed project bootstrap dependency-8

The skill bootstraps a package-managed project structure, which adds supply-chain exposure through manifest files, build configuration, and package-manager workflows.

package.json

Review which external services or providers the skill depends on, what data crosses that boundary, and whether the dependency is necessary for the intended workflow.

dependenciesASST-04
lowNo explicit safety boundaries-10

The skill does not include explicit safety boundaries defining what it should NOT do.

No safety boundary patterns found

Add a 'Safety Boundaries' section listing what the skill must NOT do (e.g., no file deletion, no network access beyond needed APIs).

contentASST-09
infoOutput constraints defined

The skill includes output format constraints (length limits, format specifications).

Output constraint patterns detected

Keep these output constraints.

contentASST-09