Professional Agent Forge

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only skill that generates professional OpenClaw agent package templates and does not install code, run commands, or access accounts by itself.

Use this when you intentionally want to generate an OpenClaw role-agent package. Review any generated MCP server, account integration, filesystem/database access, and long-term memory recommendation before enabling it, especially for legal, client, business, or production data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 84%
Finding
The skill description and trigger examples are broad enough that ordinary requests about professions, personas, or role setup could invoke this skill when the user did not explicitly want a full agent package. Over-broad activation can cause inappropriate context capture or generate high-authority professional content in situations where a narrower or safer skill should have handled the request.

Vague Triggers

Medium
Confidence: 88%
Finding
The reference-file trigger table uses ambiguous keywords such as 'engineer', 'legal', 'designer', and 'content', which commonly appear in unrelated conversations. This increases the chance the skill reads and applies a profession reference in the wrong context, leading to unintended behavior, mismatched guidance, or privilege-like overreach in agent composition.

VirusTotal

63/63 vendors flagged this skill as clean.
