Homestruk Lease Renewal

Security checks across malware telemetry and agentic risk

Overview

This is a coherent lease-renewal helper that reads tenant/property records and may create or update local renewal files, so it is suitable if the user expects those property-management actions.

Install only if you want the agent to use the referenced local tenant, property, and rent files. Keep routine expiration checks read-only, and explicitly approve any saved draft, rent-roll.json or properties.json update, tenant notice, rent change, or recurring/monthly run.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 95% confidence
Finding: The skill explicitly instructs the agent to write a draft file into a user-local path under ~/.openclaw/workspace/drafts without any confirmation, safety warning, or constraint checks. Even though the target appears work-related, unattended file creation/modification is still a real security concern because an agent could overwrite existing content, create sensitive documents on disk unexpectedly, or normalize unsafe write behavior in broader contexts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal