Back to skill

Security audit

Research

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate research-document helper, but its optional setup and auto-check features should be used deliberately.

Install only if you want research prompts and findings saved under the OpenClaw workspace and, for deep research, sent to Parallel AI. Prefer safer uv installation methods over curl-to-shell, avoid putting API keys in every shell unless you accept that exposure, verify any referenced helper scripts before symlinking them into PATH, and enable cron auto-checks only for runs you started.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The setup instructs users to append `export $(cat ~/.secrets/parallel_ai/.env | xargs)` to `~/.bashrc`, causing credentials from a file to be automatically loaded into every future shell. This increases the chance of unintended credential exposure through process environments, child processes, debugging output, or accidental shell/profile disclosure, and it does so without warning the user about those risks.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The instructions tell the user to pipe a remotely fetched script directly into `sh` via `curl -LsSf https://astral.sh/uv/install.sh | sh`. This executes network-delivered code without inspection or integrity verification, so a compromised host, TLS interception edge case, or upstream supply-chain incident could immediately lead to arbitrary code execution on the user's machine.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs the agent to create and update files under a persistent workspace without any explicit requirement for user confirmation, path validation, or write-scope limitations. In practice, this can lead to unintended filesystem writes, persistence of sensitive prompts or research content, and increased risk when the topic slug or content is influenced by untrusted input.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.