Security audit

personal-context

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill stores a local personal profile for personalization, with privacy-relevant persistence that is disclosed and aligned with its purpose.

Install this only if you want OpenClaw to remember basic personal preferences across sessions. Review or edit ~/.openclaw/workspace/me.json after onboarding, and do not provide passwords, tokens, financial details, health information, or other sensitive data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill's activation rules are broad enough to trigger on ambiguous phrases and inferred conditions like a 'first session' or when the agent thinks its tone feels off. That can cause unsolicited collection of personal data and profile creation without a clearly intentional user request, creating privacy and consent risks even if no overtly sensitive data is requested.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The instruction to 'silently load' a personal profile every session means the agent reuses stored personal data without a contemporaneous user-facing notice or clear reminder. In a personalization skill, this increases the chance users are unaware of ongoing access to identity and preference data, which weakens transparency and informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.