Security audit

Local File Sender

Security checks across malware telemetry and agentic risk

Overview

This skill clearly does what it says, but it gives an agent broad ability to upload local files to cloud storage as public download links without a required confirmation step.

Install only if you intentionally want a local OpenClaw agent to upload files from your computer to cloud storage and share download links. Before use, verify the exact file path and avoid secrets, credential files, private documents, browser profiles, SSH keys, or system configuration files unless you explicitly mean to disclose them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (5)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly instructs uploading a local file to cloud storage and returning a public download link, but it does not require an explicit user confirmation acknowledging external data transfer and public exposure. This is dangerous because a casual request like 'send this file' can result in unintentional disclosure of sensitive local data beyond the intended chat platform.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The top-level description frames the capability as 'sending a local file' but does not prominently disclose that the implementation actually uploads the file to cloud storage and shares a public URL. That mismatch can mislead users about the confidentiality of the transfer and increases the risk of accidental oversharing.

Ssd 3

High

Confidence: 97% confidence
Finding: This skill enables arbitrary user-specified local file paths to be uploaded from the host machine to external cloud storage using natural language alone. In a local deployment with filesystem access, this creates a direct data exfiltration path for sensitive files, including documents, keys, configs, or personal data, if the agent is induced to access them.

Ssd 3

High

Confidence: 96% confidence
Finding: The workflow normalizes converting a local filesystem path directly into a publicly reachable cloud URL, which institutionalizes external disclosure as the default behavior. Because the skill is meant for local deployments that can access host files, the context makes this more dangerous rather than less: the agent may reach real user data and publish it externally.

Ssd 3

High

Confidence: 98% confidence
Finding: The end-to-end example demonstrates that a simple natural-language instruction is sufficient to take a local file and expose it through an externally accessible URL. This lowers operator caution, encourages unsafe use patterns, and provides a clear recipe for exfiltrating sensitive files from a machine where the agent has local access.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.