Reading & Knowledge

Security checks across malware telemetry and agentic risk

Overview

This appears to be an educational reading companion with purpose-aligned memory notes, but users should understand it may retain learning preferences and reading history.

Install if you are comfortable with the skill keeping a local learning profile such as interests, questions, preferences, and reading lists. Avoid sharing sensitive personal details during educational chats unless you are comfortable with them being remembered, and review or clear the memory file if your OpenClaw setup supports that.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (3)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly instructs the agent to retain user interests, questions, feedback, and a personal reading list, but provides no notice, consent mechanism, retention limits, or guidance on handling personal data safely. Even if the data seems low sensitivity, it can still reveal detailed profiles of a user's interests and behavior over time, creating privacy and compliance risk if stored or reused unexpectedly.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The memory template explicitly stores personal profile data, interests, learning preferences, and reading history without any notice of retention, consent, or limits on what should be saved. Even though the data is not highly sensitive by itself, persistent accumulation of user preferences and behavior can create a meaningful privacy risk if exposed, reused unexpectedly, or retained longer than the user expects.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly states it maintains a memory file containing user interests, questions, reading lists, and learning preferences, but it provides no disclosure, consent flow, retention limits, or guidance on what data should or should not be stored. This creates a privacy and data-handling risk because users may share sensitive personal information under the assumption of a harmless educational interaction, while the skill encourages persistent collection and profiling.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal