Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Ollama Memory Setup
Security checks across malware telemetry and agentic risk
Overview
This skill is a transparent local Ollama setup helper for OpenClaw memory search; its side effects are disclosed and gated behind explicit flags.
Install this only if you want OpenClaw memory search configured through local Ollama. Run the diagnostic mode first, approve --install and --apply-config only when you are ready for software installation, service startup, model download, and config changes, keep Ollama on localhost when possible, and avoid sensitive quality-test queries if terminal or agent logs are captured.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)
External Script Fetching
High
- Category
- Supply Chain
- Content
Linux: ```bash curl -fsSL https://ollama.com/install.sh | sh ollama serve ```
- Confidence
- 90% confidence
- Finding
- curl -fsSL https://ollama.com/install.sh | sh
External Script Fetching
High
- Category
- Supply Chain
- Content
command -v brew >/dev/null 2>&1 || { fail "Homebrew missing. Install Ollama manually: https://ollama.com"; exit 1; } brew install ollama else command -v curl >/dev/null 2>&1 || { fail "curl missing. Install curl or Ollama manually."; exit 1; } curl -fsSL https://ollama.com/install.sh | sh fi else- Confidence
- 90% confidence
- Finding
- curl missing. Install curl or Ollama manually."; exit 1; } curl -fsSL https://ollama.com/install.sh | sh
Chaining Abuse
High
- Category
- Tool Misuse
- Content
Linux: ```bash curl -fsSL https://ollama.com/install.sh | sh ollama serve ```
- Confidence
- 70% confidence
- Finding
- | sh
Chaining Abuse
High
- Category
- Tool Misuse
- Content
Linux: ```bash systemctl --user restart ollama 2>/dev/null || sudo systemctl restart ollama 2>/dev/null || ollama serve ``` If Ollama was installed as a desktop app, open it once and retry.
- Confidence
- 75% confidence
- Finding
- | sudo
Tool Parameter Abuse
High
- Category
- Tool Misuse
- Content
TEMP_PATHS=() cleanup() { if [ ${#TEMP_PATHS[@]} -gt 0 ]; then rm -rf -- "${TEMP_PATHS[@]}" 2>/dev/null || true fi } trap cleanup EXIT- Confidence
- 95% confidence
- Finding
- rm -rf -- "${TEMP_PATHS[@]}" 2>/dev/
Chaining Abuse
High
- Category
- Tool Misuse
- Content
brew install ollama else command -v curl >/dev/null 2>&1 || { fail "curl missing. Install curl or Ollama manually."; exit 1; } curl -fsSL https://ollama.com/install.sh | sh fi else fail "ollama missing. Re-run with --install or install from https://ollama.com"- Confidence
- 70% confidence
- Finding
- | sh
VirusTotal
63/63 vendors flagged this skill as clean.