Security audit

IceCube Service Pricing

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only pricing and quotation skill with no executable code; its main risk is storing customer and revenue details in local memory files if users choose to do so.

Install only if you want an agent to help draft IceCube/OpenClaw service quotes, payment reminders, and revenue summaries. Keep real customer names, contact details, payment QR codes, account identifiers, and receivables records out of public or shared skill files, and apply your own retention and access controls for any monthly tracking files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs users to record customer and revenue data such as client names, project status, and payment information in persistent monthly files, but it provides no privacy, retention, access control, or minimization guidance. In practice, this can lead to unnecessary storage of personal or commercially sensitive information, increasing the risk of data leakage, unauthorized access, or noncompliance with privacy obligations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.