Back to skill

Security audit

IceCube Diary

Security checks across malware telemetry and agentic risk

Overview

This diary-writing skill is mostly coherent, but it mixes creative generation with persistent diary storage, idle-time generation, and public posting ideas without clear user controls.

Review this skill before installing if you care about local records or accidental publishing. Use it only if you are comfortable with diary entries being saved under the OpenClaw workspace, and avoid enabling any idle-time generation or social posting workflow unless you have confirmed where content is stored, how to delete it, and whether posting requires explicit approval each time.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The script persistently writes diary content into the agent workspace under $HOME/.openclaw/workspace/memory/diary, which creates undisclosed state outside the user’s immediate request. For a creative-writing skill, hidden persistence is risky because it can accumulate sensitive prompts or inferred user context over time and may later be read by other components or skills.

Vague Triggers

Medium
Confidence
76% confidence
Finding
Very broad trigger phrases like 'creative writing' or 'funny AI' can cause unintended invocation in unrelated conversations. If the skill activates unexpectedly, it may alter outputs, collect/store content under false assumptions, or interfere with normal user workflows.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill encourages storing entries and generating content during idle time without clear user-facing disclosure about what data is retained or when processing occurs. In context, diary entries may include personal, emotional, or work-related material, so background generation and storage increase privacy risk and reduce informed consent.

Missing User Warnings

Low
Confidence
92% confidence
Finding
The script appends content to a persistent file under the user's workspace without any notice, confirmation, or dry-run mode. While the written content is low-risk diary text and the path is confined to a user-owned directory, it still modifies persistent user data automatically, which can surprise users, create unwanted records, or accumulate clutter over time.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.