Security audit

yintai-task-runner

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Yintai task runner that uses provided credentials to claim tasks, update task status, create ZIP deliverables, and upload them.

Install only if you intend this agent to act on Yintai tasks for your account. Prefer environment variables or a secret manager over copying secrets from local config files or passing them on the command line, set category or bounty filters before continuous mode, and periodically clean or protect the output directory because generated ZIPs may contain task details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Context-Inappropriate Capability

Medium (91% confidence)

Finding:
The documentation tells users to obtain API credentials from a separate local OpenClaw configuration file, which expands the skill's effective data-access surface beyond its stated task-runner purpose. Even as documentation only, this normalizes reading unrelated local secret stores and can lead an agent or user workflow to expose or copy credentials into less controlled contexts.

Missing User Warnings

Medium (93% confidence)

Finding:
The README explicitly promotes autonomous polling, task grabbing, status changes, and automatic ZIP/result uploads to an external system, but it does not warn users that enabling the skill will cause real remote actions and data transfer. In an agent skill context, this is dangerous because users may invoke or install it without understanding that it can continuously interact with third-party services, alter remote task state, and exfiltrate generated artifacts or metadata.

Missing User Warnings

Medium (90% confidence)

Finding:
The executor writes task metadata and result content containing potentially sensitive business data, identifiers, descriptions, and timing information to disk in a persistent output directory. In this skill context, tasks may contain confidential customer or operational content, so local storage increases exposure through other local users, backups, logs, or leftover files if cleanup is incomplete.

Ssd 3

Medium (94% confidence)

Finding:
The skill explicitly instructs obtaining YINTAI_APP_KEY and YINTAI_APP_SECRET from ~/.openclaw/openclaw.json, creating a natural-language workflow for accessing stored secrets from a local file. In the context of an agent skill with shell/file capabilities, this is more dangerous because it can encourage secret extraction, copying, or accidental disclosure beyond the minimum needed for task execution.

VirusTotal

66/66 vendors flagged this skill as clean.