Security audit

Study And Port

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed helper for researching AI frameworks and drafting OpenClaw skills, but users should review any generated files before approving them.

Install this only if you want OpenClaw to research AI tools and draft new skills on your machine. Before approving creation or execution, inspect the proposed SKILL.md or script, and periodically review or delete files under ~/self-improving/ if you do not want research notes retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger conditions are broad enough to activate on ordinary discussion of AI tools, frameworks, or comparisons, which can cause the skill to run in contexts the user did not explicitly intend. Because this skill has write permissions to skill directories and self-improvement logs, over-triggering increases the chance of unwanted research, persistent file creation, and follow-on self-modification behavior.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill describes creating new skills, scripts, and persistent log files, but the warning to the user is limited to a brief confirmation note focused on skill creation rather than all persistent side effects. Users may consent to research without understanding that the process can also write procedural-memory and progress-tracking files, creating lasting state changes on disk.

Natural-Language Policy Violations

Medium
Confidence: 76%
Finding
The confirmation prompt is hardcoded in Chinese, which can undermine informed consent for users who do not read the language. In this skill, that matters because the confirmation gates creation of new skills or scripts; a user could appear to approve an action without fully understanding what they are authorizing.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.