Skillstore

Security checks across malware telemetry and agentic risk

Overview

SkillStore does what it says, but it can install third-party GitHub skills and writes local executable skill files with weak scoping and validation.

Install only if you intentionally want a tool that can add or create OpenClaw skills on your machine. Before installing any GitHub result, inspect the repository and owner manually, avoid running this with elevated privileges, and review or clear its config/history file when needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly allows installing skills from GitHub, but the user-facing interaction flow does not warn that choosing a GitHub result fetches and installs remote code. That omission increases the risk of social engineering or accidental installation of untrusted code, especially because GitHub results are presented alongside known and local sources in a similar format.

Missing User Warnings

Medium
Confidence: 94%
Finding
The code clones a user-influenced GitHub repository by spawning a shell command with exec(), then writes the repository into the local skills directory. This can install untrusted code/content from the network without a clear trust boundary, and use of exec() with interpolated repo/name data also creates command-injection risk if those values are ever attacker-controlled or malformed.

VirusTotal

66/66 vendors flagged this skill as clean.
