Back to skill

Security audit

Paragraph for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This Paragraph skill is mostly coherent, but it needs review because it can publish public/onchain posts, manage subscriber data, send welcome emails, and upload a caller-chosen local CSV file.

Install only for Paragraph publications you control. Use a dedicated API key if possible, require human approval before publishing or subscriber imports, set sendWelcomeEmail deliberately, and pass only vetted CSV files from a trusted location. Treat subscriber emails and wallet addresses as personal data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The skill documents subscriber-management capabilities involving email addresses and wallet addresses without any explicit privacy, consent, or data-handling warning. In an agent context, this increases the risk of collecting, storing, listing, or adding subscriber PII without appropriate authorization or user awareness, which can lead to privacy violations and compliance issues.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
Bulk CSV import of subscribers can process large sets of personal data and optionally trigger outbound welcome emails, but the README lacks a clear warning about consent, mailing authorization, and the operational consequences of sending to imported contacts. In an automated agent workflow, this can enable accidental spam campaigns or mishandling of bulk personal data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill prominently enables subscriber addition, listing, tagging, and CSV bulk import of emails and wallet addresses, but it does not provide a clear privacy/security warning about handling personal data, consent, retention, or access controls. In an agentic context, this increases the risk of unauthorized ingestion, processing, or migration of subscriber PII and can lead to privacy violations, compliance issues, or accidental mass-contact abuse.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill emphasizes onchain publishing and permanence, but it does not present a prominent caution that posts may be effectively irreversible, publicly visible, and difficult to correct once published. In practice, an agent or user could publish sensitive, defamatory, confidential, or erroneous material to an immutable medium, creating lasting exposure and reputational or legal harm.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The import tool accepts an arbitrary local file path, reads the file from disk, and uploads its contents to a remote API. In an agent skill context, this creates a local file exfiltration primitive if an attacker can influence the csvPath argument, potentially exposing sensitive files such as secrets, configs, or user data to Paragraph.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
skill.js:9

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:223