Back to skill

Security audit

Family Grocery List

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed household grocery-list skill that stores shared list data locally, with privacy and weak-access-control caveats but no evidence of hidden or destructive behavior.

Install only if you are comfortable keeping household grocery data in a shared local folder. Use a dedicated folder with appropriate OS permissions, have the intended admin run setup first, avoid sensitive directory paths, and remember that anyone able to set the stored name/path on an agent may be able to impersonate a family member.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill uses only a self-asserted name stored in agent memory to determine identity and role, so any user or compromised agent that can set or alter `family_grocery_user` can impersonate another family member, including the admin. In this context that directly enables unauthorized access to shared grocery data and privileged operations such as adding/removing users or changing admin-level configuration.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs the agent to read and persist the user's identity and the shared filesystem path in long-lived OpenClaw memory, but provides no notice, consent step, retention guidance, or privacy boundary. While these values are not highly sensitive on their own, they can expose household membership and local directory structure, and persistent storage increases the chance of unintended disclosure or misuse by other skills or future sessions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The admin initialization flow directs the agent to create a directory and initialize multiple files at a user-supplied local path without an explicit warning that the skill will modify the filesystem. This can lead to unexpected writes, accidental overwriting in an unsafe location, or abuse if the provided path is overly broad, sensitive, or points somewhere unintended.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrase "What do we need?" is broad conversational language that can easily occur in normal family chat, causing the skill to activate unintentionally and disclose the grocery list. In a shared household context, accidental invocation can expose shopping habits, household needs, and store/location details to the wrong participant or in the wrong conversational context.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The template explicitly stores family member names and dates in a shared-path file, which is personally identifying information and may be readable by multiple users or processes depending on filesystem permissions. In a family/shared-device context this may be expected, but the absence of privacy guidance, retention limits, or permission requirements creates unnecessary exposure of household membership data.

Missing User Warnings

Medium
Confidence
74% confidence
Finding
First-run setup silently persists the shared path and assigns the first invoking user as admin, which creates a risky trust-on-first-use flow. If setup is triggered by the wrong person, a mistaken user, or an attacker with temporary access to an agent, they can permanently seize administrative control and establish storage location choices without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.