Freedom Preserving Protocol — Enforcement

Security checks across malware telemetry and agentic risk

Overview

This OpenClaw plugin transparently adds a local tool-call approval and audit layer, with a real but disclosed limitation that its heuristic classifier can miss nonstandard or evasive tools.

Install only if you want an OpenClaw dispatcher-level approval and audit layer. Treat it as best-effort policy enforcement, not a complete security boundary; review blockOn and approvalOn defaults, keep timeout behavior set to deny for sensitive work, and avoid relying on it against custom or adversarial tools that may not match its classifier patterns.

SkillSpector

By NVIDIA

Vulnerability Patterns

Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tool Parameter Abuse

High

Category: Tool Misuse
Content: params: Record<string, unknown>, ): ClassificationResult | null { const lower = toolName.toLowerCase(); const isDelete = /delete|remove|unlink|rm\b/.test(lower); const isWrite = /write|edit|put|patch|create|move|rename/.test(lower); const isRead = /read|get|cat|stat|list|ls\b/.test(lower); if (!isDelete && !isWrite && !isRead) return null;
Confidence: 89% confidence
Finding: rm\b/

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal