Back to skill

Security audit

wallpaper-auto-switch-pro-executable

Security checks across malware telemetry and agentic risk

Overview

This wallpaper automation skill is mostly coherent, but it has a real command-injection bug in path handling and installs a persistent macOS LaunchAgent without an explicit consent gate.

Install only after the path-expansion bug is fixed by removing eval. Use trusted local wallpaper folders with ordinary names, and install the LaunchAgent only if you understand it will keep running periodically until the uninstall script removes ~/Library/LaunchAgents/com.openclaw.wallpaperrotator.plist.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The expand_path function uses eval on attacker-controlled input, which can trigger shell command execution during path expansion rather than merely resolving '~'. In a wallpaper-switching skill, users are expected to provide folder paths, so this creates a direct command-injection path that is not necessary for the stated functionality.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs installation and removal of a launchd LaunchAgent, which creates persistence on the user's system. While this appears to serve the stated wallpaper-rotation purpose rather than malware, it modifies persistent user configuration without an explicit warning, consent checkpoint, or explanation of long-lived effects, increasing the risk of unintended persistence.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script installs a per-user LaunchAgent and immediately bootstraps/enables it without any interactive warning or explicit confirmation. While this matches the advertised wallpaper-rotation purpose, silently establishing persistence can surprise users and reduces informed consent, which is risky behavior for an install script.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.