Agent Collab Protocol

Security checks across malware telemetry and agentic risk

Overview

This is a coherent multi-agent protocol/template skill with one operational safety caveat around manual deletion commands.

Before installing or using it, review the scaffold script and deletion instructions, validate domain names so paths stay under ~/.openclaw, and replace the example systemPromptOverride wording if your agents must preserve a stricter system/developer/user priority model.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The document instructs operators to run destructive recursive deletion commands (`rm -rf`) to remove domains, but provides no safety checks, path validation, backup guidance, or confirmation steps. In an agent-collaboration skill, operational docs may be copied into automated workflows or followed by users verbatim, increasing the chance of accidental deletion of unintended directories.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal