Multi-Agent Skill Evaluator

Security checks across malware telemetry and agentic risk

Overview

This skill transparently evaluates other skills using sub-agents and shows no hidden install code or unsafe behavior, but it does read the target skill’s text files.

Install this if you want a Chinese-language, multi-agent reviewer for OpenClaw skills. Use it only on skill directories you intend to evaluate, because it is designed to read the target skill’s text files and share them with evaluator sub-agents.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The description "帮我评估一下这个 skill。" is very broad and overlaps with ordinary user phrasing, which can cause the skill to trigger unintentionally in unrelated conversations. In an agent system, over-broad activation increases the chance that the skill reads large amounts of user-provided or repository content and performs multi-agent evaluation flows when the user did not explicitly intend that behavior.

Natural-Language Policy Violations

Medium

Confidence: 81% confidence
Finding: The skill content is written to require Chinese output and does not offer a language choice or document a justified locale restriction. This is primarily a policy/usability weakness, but in security-sensitive review workflows it can also reduce operator comprehension, increase review errors, and make unsafe behavior or misleading instructions harder for some users to detect.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal