Chat to Podcast

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent publishing purpose, but it can search broad local chat history and publish results publicly, so it needs careful review before installation.

Install only if you are comfortable giving the skill access to selected OpenClaw chat history and a Halo account that can publish publicly. Before using it, require the agent to show exactly which sessions or files it will read, limit extraction to specific messages, review the full draft for private information, and verify the target Halo profile, URL, slug, visibility, and overwrite behavior before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill instructs reading current and historical OpenClaw session logs, including full conversations, based on topic, date, or keyword. This creates a data overreach issue: the skill can ingest unrelated prior chats, secrets, or personal information beyond the specific conversation the user likely intended to transform, increasing the risk of privacy leakage into generated content or downstream publication.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script unconditionally marks the created or imported post as PUBLIC and published via CLI commands, with no interactive confirmation or safety gate in the publishing step itself. In a skill that transforms chat history into blog content, this increases the risk of accidentally exposing private or sensitive conversation data if upstream confirmation is skipped, bypassed, or mis-implemented.

Ssd 3

High
Confidence: 98%
Finding
The workflow explicitly tells the agent to extract complete current and historical conversation records for a publication pipeline. In context, this is especially dangerous because the destination is a public blog, so any mistaken inclusion of prior chats, credentials, personal data, or confidential operational details can become externally exposed at scale.

VirusTotal

66/66 vendors flagged this skill as clean.
