mini-swe-agent

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it directs an agent to run an external coding tool in autonomous no-confirmation mode that can inspect and edit a repository.

Install only if you intentionally want an external autonomous coding agent to make repository changes without stopping for approval. Verify the `mini` CLI source and version, run it in a disposable branch or sandbox, and review diffs and tests before keeping changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly instructs use of `mini --yolo`, which delegates end-to-end code exploration and editing to an autonomous subprocess without human confirmation gates. In a security-sensitive agent environment, this increases the chance of unintended code changes, unsafe command execution, or modification of the wrong files because the operator is not warned about the autonomy and edit scope.

Missing User Warnings

Low
Confidence: 88%
Finding
The installation instructions provide a shell command that creates a directory and writes a skill file into the user's persistent `~/.openclaw/skills` location without any warning about filesystem modification. While common for installation steps, silently directing users to write agent-executable content into a trusted skills directory can normalize persistent changes and reduce scrutiny of what is being installed.

VirusTotal

64/64 vendors flagged this skill as clean.
