Oathe Security Badge

Is skill/openclaw-macos-always-on safe?

https://clawhub.ai/skill/openclaw-macos-always-on

86
SAFE

This skill provides legitimate documentation for setting up OpenClaw as a macOS system service, but contains executable installation scripts requiring elevated privileges and system-level modifications. While the purpose appears legitimate, the code execution risks and system persistence mechanisms warrant careful consideration.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 60/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (5)

HIGH System-level installation script with elevated privileges -30

The skill contains an install.sh script that requires sudo access to modify /Library/LaunchDaemons/, install system services, and change file permissions. These are significant system-level modifications that could be exploited.

MEDIUM Instructions to download and execute remote code -15

SKILL.md contains a one-liner command that tells the user to download and execute a script from a remote GitHub repository, which could be modified by attackers.

MEDIUM Embedded executable commands throughout documentation -10

The skill documentation contains numerous executable bash commands and shell scripts that could be copy-pasted and executed by users, including LaunchDaemon creation and system service management.

MEDIUM Provides system persistence mechanisms -10

The skill teaches how to create persistent system services using LaunchDaemons, which sophisticated attackers could adapt for malicious persistence on macOS systems.

LOW Accesses authentication tokens -5

The installation script reads OpenClaw gateway authentication tokens, though this appears to be for legitimate configuration purposes.