Synapse Brain

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent local task-orchestration skill, but it needs review because its installer and state-file handling can make under-controlled local changes.

Install only if you want a local persistent task manager that stores project and task history on disk. Avoid secrets in project names, task titles, notes, or failure messages; use simple project names without slashes or ..; back up any existing ~/.openclaw/skills/synapse-brain directory before running install.sh; and ask the maintainer to add path validation, safer upgrade/uninstall prompts, and correct archive retention before relying on it for important history.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 95% confidence
Finding: The skill advertises capabilities that include persistent state management and installation steps that imply local file creation/modification, yet it declares no permissions. This creates a transparency and consent gap: users and hosting platforms may not realize the skill can write session data such as state.json or modify local skill directories, increasing the risk of unexpected persistence and unauthorized file changes.

Intent-Code Divergence

Medium

Confidence: 98% confidence
Finding: The archive implementation does not enforce the documented 30-day retention window. Because it compares each completed task's timestamp to the current time string, nearly every completed task with a valid past timestamp will be archived immediately, which can cause unintended loss of active history and undermine integrity of long-term task tracking in a persistence component.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill prominently documents cross-session persistence via state.json, including task history, project names, agent usage, and knowledge metadata, but does not provide a user-facing warning about retention. In a multi-session orchestrator, this is especially sensitive because the stored data can reveal workflow details, project context, and potentially confidential operational information long after a session ends.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill describes automatic knowledge ingestion and state updates from local files without warning that file content and related metadata may be persisted or indexed. This is risky because users may provide sensitive local documents assuming ephemeral processing, while the orchestrator and linked wiki component may retain or expose their contents across future sessions.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly instructs automatic persistence of cross-session state and later logging of session activity to `state.json`, but it does not require clear user consent, data minimization, or disclosure of what may be stored. In a persistent orchestration agent, this can lead to retention of sensitive prompts, task metadata, or operational context across sessions without the user's informed awareness, increasing privacy and data exposure risk.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The installer unconditionally removes an existing installation directory with `rm -rf "$SKILL_DEST"` even when `--force` is not supplied, which can destroy user data, local modifications, or configuration without confirmation. In a skill that manages persistent state and cross-session workflows, silent overwrite behavior is more dangerous because users may expect continuity and may keep valuable state or customizations under the skill directory.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal