Back to plugin

Security audit

噗滋慈善 / pozzzi-charity

Security checks across malware telemetry and agentic risk

Overview

Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.

Install only if you are comfortable connecting your own model API key and any chosen chat-channel accounts. Use dedicated credentials, avoid entering unnecessary personal or highly sensitive NGO data, and review OpenClaw's audit-log storage and deletion controls before using it for real cases. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
packages/shared/model-gateway/index.js:268
Evidence
if (_testMode && process.env.NODE_ENV !== 'test') {