Back to skill

Security audit

Dawn Proactive Agent v1

Security checks across malware telemetry and agentic risk

Overview

This skill openly sets up local decision-tracking files and optional scheduled OpenClaw reminders; I found no hidden data theft or destructive behavior.

Before installing, confirm each cron schedule, Feishu recipient/channel, timezone, and session target. Use a test recipient first, and only run it in a workspace where OPENCLAW_WORKSPACE and the memory/ files are under your control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tainted flow: 'PROACTIVE_LOG' from os.environ.get (line 26, credential/environment) → open (file write)

Medium
Category
Data Flow
Content
entry += "\n"
    
    PROACTIVE_LOG.parent.mkdir(parents=True, exist_ok=True)
    with open(PROACTIVE_LOG, "a", encoding="utf-8") as f:
        f.write(entry)
Confidence
86% confidence
Finding
with open(PROACTIVE_LOG, "a", encoding="utf-8") as f:

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation instructs users to create and modify local files and run Python code, which implies file read/write and environment interaction, but it declares no corresponding permissions. This mismatch undermines reviewability and informed consent because operators may enable a skill whose effective capabilities are broader than its manifest suggests.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill promotes autonomous scheduled actions and push notifications without a prominent warning that it can affect user workflows, generate recurring notifications, and operate outside immediate user review. In an agent skill context, lack of explicit operator consent and side-effect disclosure can lead to unwanted automation, alert fatigue, or routing messages to unintended recipients.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The installation steps directly instruct users to add recurring cron jobs and notification delivery targets without a mandatory review step. Because these jobs run repeatedly and can message external channels, misconfiguration could cause persistent spam, workflow disruption, or disclosure of operational details to the wrong recipient.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.