Security audit

Ai News Poster

Security checks across malware telemetry and agentic risk

Overview

The skill appears to have a risky but disclosed manual reinstall command, not hidden or malicious behavior.

Before running the reinstall command, verify the expanded path points exactly to ~/.openclaw/skills/ai-news-poster and consider backing up the existing directory. Do not paste a modified rm -rf command unless you understand exactly what it will delete.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The manual instructs users to run a destructive delete-and-replace sequence using `rm -rf` without any safety guidance, backup step, or path validation. Even though the target path is specific, documentation that normalizes recursive deletion increases the risk of accidental data loss if the path is mistyped, expanded unexpectedly, or copied into a slightly different environment.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
If you changed `skills/ai-news-poster` in the repository, overwrite the copy in the OpenClaw managed directory again:

```bash
rm -rf ~/.openclaw/skills/ai-news-poster
cp -R /Users/cyc-mac/skills/skills/ai-news-poster ~/.openclaw/skills/ai-news-poster
openclaw skills info ai-news-poster
```
Confidence
94% confidence
Finding
rm -rf ~/.openclaw/skills/ai-news-poster cp -R /

Tool Parameter Abuse

High
Category
Tool Misuse
Content
If you changed `skills/ai-news-poster` in the repository, overwrite the copy in the OpenClaw managed directory again:

```bash
rm -rf ~/.openclaw/skills/ai-news-poster
cp -R /Users/cyc-mac/skills/skills/ai-news-poster ~/.openclaw/skills/ai-news-poster
openclaw skills info ai-news-poster
```
Confidence
94% confidence
Finding
rm -rf ~/.openclaw/skills/

VirusTotal

63/63 vendors flagged this skill as clean.
