Skill Creator Plus

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for creating OpenClaw skills, with no bundled executable code, credentials, persistence, or hidden install behavior.

Reasonable to install if you want help authoring OpenClaw skills. Review any generated skill before publishing, especially scripts, credential instructions, persistence declarations, and metadata, because this skill provides guidance rather than enforcing those checks automatically.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The description says the skill triggers when creating new skills or modifying existing ones, which is a very broad activation condition for a meta-skill that can generate or alter other agent behavior. Over-broad triggering increases the chance the skill is invoked in unrelated contexts and can steer or rewrite other skills unexpectedly, amplifying mistakes or malicious prompt injection contained in the skill itself.

Natural-Language Policy Violations

Medium

Confidence: 90% confidence
Finding: The skill description and body are written as mandatory Chinese guidance without indicating language should follow user preference. Forced language behavior can cause user misunderstanding of generated security-critical instructions and may make the agent ignore explicit user language requirements, reducing safe usability and reviewability.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal