Skill Creator

Security checks across malware telemetry and agentic risk

Overview

This is a skill-authoring helper that can create and modify local skill files, but the file writes are disclosed, purpose-aligned, and not paired with hidden network, credential, persistence, or destructive behavior.

Install this only if you want an agent to help author or revise OpenClaw skills. Before letting it modify an existing skill, name the exact target directory and review the diff afterward. Be aware that this version has malformed frontmatter and confusing install-command text, so verify the package slug and generated SKILL.md metadata before publishing anything made with it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Rogue AgentSelf-Modification, Session Persistence
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger phrases are unusually broad for a high-privilege skill that can create, edit, restructure, and audit skills. Terms like "improve this skill," "review the skill," "tidy up the skill," and "build a new skill" can overlap with ordinary editing or review requests, increasing the chance the skill is invoked when the user did not intend to grant file-modification behavior. In this context, unintended invocation is more dangerous because the skill explicitly guides creating and modifying workspace files and directories.

Self-Modification

High

Category: Rogue Agent
Content: touch skills/<skill-name>/SKILL.md ``` ### Step 4: Write SKILL.md **Frontmatter rules (two hard rules):** 1. `name`: lowercase + hyphens, ≤64 chars
Confidence: 89% confidence
Finding: Write SKILL

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal