Back to skill

Security audit

Sx Security Audit 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This is a broad local security-audit skill with an optional Feishu report sender, so it is sensitive but coherent and not hidden or automatic.

Install only if you want a broad local security audit. Prefer scoped runs such as --check for sensitive areas, inspect generated reports before sharing, and treat Feishu/webhook delivery as sending potentially sensitive security details off the local machine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises and documents capabilities to read environment variables, scan files, write reports, execute shell commands, and perform network egress, but no declared permissions are present. This creates a transparency and consent gap: a user or platform may invoke a high-privilege skill without clear authorization boundaries, increasing the risk of secret exposure or unintended outbound transmission.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The declared purpose is security auditing, but the skill also includes report delivery to Feishu via webhook or plugin API, which is an external data-exfiltration path not clearly reflected in the primary description. Because the audit can collect highly sensitive material such as environment variables, keys, config contents, port data, and commit diffs, this mismatch materially increases the danger of unintended disclosure.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The manifest-level description does not disclose that audit reports may be sent to Feishu, while the body text states that this is supported. This omission can mislead users about data flow and cause them to invoke a local audit tool that also has outbound reporting capability.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
Feishu webhook and plugin API integration adds a non-essential outbound communication channel to a skill that processes sensitive audit results. Even if intended for convenience, this extra egress path enlarges the attack surface and raises the consequences of accidental inclusion of secrets in reports.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script sends security audit report contents to Feishu/OpenClaw endpoints, which is a real data disclosure path because audit reports commonly contain sensitive system details, findings, paths, and possibly secrets. In the context of a security-audit skill whose stated scope is local scanning/auditing, external transmission materially increases risk, especially because sending is built into the workflow rather than being strongly gated by an explicit disclosure/consent step.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The code reads ~/.openclaw/openclaw.json to discover plugin endpoints unrelated to the provided report file, expanding its access into user-level configuration without explicit need or consent. This is dangerous because it can silently leverage preconfigured external integrations and route sensitive audit output to endpoints the user did not specify for this run.

Vague Triggers

Medium
Confidence
83% confidence
Finding
Broad trigger phrases such as generic requests for security checks or audits can overlap with normal conversation and cause unintentional invocation. In this skill, accidental activation is more dangerous because it may scan sensitive local data and potentially prepare or send reports externally.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly scans environment variables and other sensitive sources, and also supports sending reports to Feishu, yet it does not present a clear privacy or data-exfiltration warning. This is dangerous because users may unknowingly authorize collection and onward transfer of secrets, tokens, or infrastructure details.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script transmits report content to Feishu endpoints discovered from local OpenClaw configuration without an explicit user-facing warning that sensitive audit data will be disclosed externally. That is risky because security audit reports often include confidential host, dependency, configuration, and secret-related information, and silent disclosure undermines the expected trust boundary of a local auditing skill.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dynamic_code_execution, suspicious.exposed_secret_literal

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
scripts/security_audit.py:408

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
references/code-security.md:92