Back to skill

Security audit

Sovereign Intelligence System - Equilibrium-native reasoning for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a reasoning helper, but it can make Python load code from an undisclosed local folder outside the reviewed package.

Review before installing. Ask the publisher to remove the hard-coded /home/claude/sis import path and use package-relative imports. Treat the equilibrium checks as an advisory reasoning framework, not a security guarantee, and only enable file persistence for data you are comfortable storing locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Low
Confidence
83% confidence
Finding
The class advertises replication to guardians, but replication failures are silently ignored. In a system relying on redundancy for durability or tamper resistance, this can create a false sense of resilience: callers may believe data was safely replicated when only the primary backend succeeded.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill states that its reasoning constraint 'applies automatically to operations that use the skill' without defining clear activation boundaries, scope, or explicit user opt-in. Ambiguous automatic activation can cause unintended interception or modification of assistant behavior, which is risky because users and downstream tools may not know when the skill is influencing decisions or state changes.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The module prepends a hard-coded filesystem path to sys.path, altering Python's import resolution globally for the process. This can cause imports to be satisfied from an unexpected local directory, increasing the risk of module shadowing, accidental loading of untrusted code, or environment-dependent behavior if that path is writable or compromised.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.