CLIProxy FREE API

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed deployment-oriented skill for setting up an OpenClaw security stack, with powerful system actions that fit its purpose but require careful user control.

Install only if you intend to let an agent help deploy and manage this security stack. Use a dedicated host or VM, review sudo/install commands before running them, protect generated tokens and provider credentials, and confirm any reverse proxy, tunnel, firewall, or public exposure changes explicitly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding
The skill clearly instructs the agent to inspect the environment, install and start services, verify listeners, and potentially configure reverse proxies or firewall exposure, which implies shell-capable actions. Having no declared permissions while directing system-level deployment work creates a mismatch between stated trust boundaries and actual capability needs, increasing the risk of unauthorized or opaque command execution.

VirusTotal

64/64 vendors flagged this skill as clean.
