Amplifier

Security checks across malware telemetry and agentic risk

Overview

This skill transparently installs and uses an Amplifier CLI for multi-agent task delegation, with privacy and persistence considerations users should understand.

Install only if you trust the referenced Amplifier OpenClaw package and are comfortable delegating task details to that framework. Avoid sending secrets, credentials, regulated data, or private business material unless you understand and accept the configured Amplifier data handling and session retention behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly instructs the agent to delegate user tasks to an external multi-agent framework and to persist sessions, but it does not disclose that user prompts, code, or other task content may be sent to a third-party service or retained across runs. This creates a real privacy and data-governance risk, especially when users provide sensitive source code, credentials, internal architecture details, or regulated data under the assumption the assistant is handling the task locally.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal