Agentic-Liquid-Neural-Network-Wireless-Manager

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly transparent and purpose-aligned, but it combines broad agent triggers with background monitoring, presence sensing, and automatic network-changing actions that users should review before installing.

Install only if you intentionally want an agent to inspect local Wi-Fi conditions and possibly manage your network. Use read-only scan mode first, require explicit confirmation for monitor mode, sentinel presence sensing, DNS changes, DHCP renewal, Wi-Fi switching, and adapter restarts, and review or delete ~/.net-intel if you do not want local RF history retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (19)

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The skill markets itself as passive/local RF intelligence, but it actively contacts external services such as 8.8.8.8, 1.1.1.1, google.com, and a public speed-test host. That mismatch is dangerous because it causes undisclosed outbound traffic, leaks network usage metadata to third parties, and may violate user expectations or restricted-network policies.

Description-Behavior Mismatch

High

Confidence: 97% confidence
Finding: The documentation frames the tool as observational intelligence, but later authorizes automatic DNS changes, DHCP renewal, adapter restart, and Wi-Fi network switching. This is materially more dangerous than passive monitoring because it can disrupt connectivity, alter trust boundaries, and change which networks or resolvers the host uses without per-action confirmation.

Intent-Code Divergence

High

Confidence: 98% confidence
Finding: The skill states it never authenticates to or communicates with APs it is not connected to, yet later includes commands to connect to other SSIDs automatically. This contradiction is risky because users may consent under a false passive-only model while the skill can actively join networks and trigger authentication flows.

Description-Behavior Mismatch

Medium

Confidence: 92% confidence
Finding: The document goes beyond passive diagnostics and includes actionable reconfiguration commands for DNS, DHCP, network switching, and adapter restart. In a skill framed as network intelligence/optimization, these instructions could enable the agent to alter a user's connectivity or steer traffic, which increases risk if invoked without explicit consent and safeguards.

Intent-Code Divergence

Low

Confidence: 95% confidence
Finding: The document states that hotspot subnet fingerprinting is "100% reliable," but private IP ranges are configurable and can overlap across device types, routers, VPN/tethering setups, and OEM variants. Overstating certainty can cause the system to make incorrect identity/device inferences, which is unsafe in a network-intelligence skill that may drive user decisions or downstream automation.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The changelog advertises autonomous background monitoring and automatic network-changing actions such as DNS switching, DHCP renewal, network switching, and adapter restart, but it does not mention any explicit user consent, confirmation flow, rollback behavior, or safety guardrails. In a network-management skill, these capabilities can directly alter host connectivity and privacy-sensitive monitoring behavior, so documenting them without corresponding warnings or controls indicates a real security and safety concern rather than a harmless description.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The documented activation examples are broad enough that an agent may invoke the skill in ambiguous contexts without clear user intent. In this skill, unintended activation is more sensitive than usual because the advertised capabilities include continuous monitoring, network changes, and presence sensing, which can affect privacy and system state.

Vague Triggers

High

Confidence: 96% confidence
Finding: The manifest example includes vague phrases like 'internet issues' and especially 'someone nearby', which can cause the agent to invoke a privacy-sensitive sensing tool on ordinary conversation. Because this skill claims human presence detection through Wi‑Fi analysis, accidental activation could lead to covert environmental sensing well beyond routine network troubleshooting.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The mode table uses generic natural-language triggers such as 'Check my network' and 'Start monitoring' without requiring a strong distinction between one-shot diagnostics and persistent/background behaviors. In context, that ambiguity increases the chance that an agent escalates from answering a question to launching ongoing monitoring or RF sensing that the user did not clearly authorize.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger phrases are extremely broad and overlap with ordinary help requests like 'internet problems' or 'fix network.' Overbroad invocation increases the chance that a powerful skill with scanning, persistence, and auto-reconfiguration capabilities is activated unintentionally or in contexts where the user expected only advice.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: Sentinel mode can be triggered by vague wording such as 'watch around me,' which may be interpreted in normal conversation. Because sentinel mode performs ongoing passive monitoring and presence inference, accidental activation creates privacy and surveillance risk beyond ordinary network troubleshooting.

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The skill offers person/presence detection and directional inferences from ambient Wi-Fi behavior without strong per-use consent and with conversational queries like 'Is someone behind me?'. In context, this moves the tool from network diagnostics into surveillance-like sensing, creating significant privacy risk for bystanders and users who may not realize such inferences are being made.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The documentation lists DNS configuration changes without warning that these commands can redirect name resolution, disrupt connectivity, or require elevated privileges. An agent or user following them verbatim could unintentionally reroute traffic to untrusted resolvers or break network behavior.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: Network switching and adapter restart commands will disconnect the active connection and may interrupt ongoing sessions, VPNs, or remote access. Presenting them without caution or confirmation makes accidental denial of service to the user much more likely, especially in an autonomous troubleshooting context.

Natural-Language Policy Violations

Medium

Confidence: 90% confidence
Finding: The presence-detection section describes inferring nearby human movement and direction from Wi‑Fi signal changes without any consent, authorization, or safety boundaries. In this skill context, that creates a meaningful privacy and misuse risk because the feature can be used for covert occupancy sensing or nearby-person surveillance rather than ordinary network troubleshooting.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The manifest declares invocation via "/net-intel or natural language triggers" without any bounded trigger list, exclusions, or confirmation requirements. In an agentic host, this can cause the skill to activate on loosely related user text and execute network-scanning or management workflows unexpectedly, increasing the chance of unintended command execution and privacy-invasive behavior.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The condition "Agent calls tool when network topics arise" is ambiguous and delegates activation to broad semantic interpretation instead of constrained policy. Because this skill can run shell-accessed Python and perform Wi-Fi/hotspot intelligence tasks, overly broad routing raises the risk of accidental invocation during benign conversation about connectivity or nearby devices.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The OpenClaw entry uses "Trigger phrases or direct skill call" but does not specify the actual phrases, boundaries, or forbidden contexts. Given the skill's described capabilities around RF awareness, presence detection, and navigation guidance, unspecified triggers make over-broad activation more dangerous because the host may invoke a sensitive sensing skill in contexts the user did not intend.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill includes presence-sensing logic that infers whether a person is nearby or moving based on ambient Wi-Fi signal fluctuations, yet it provides no user-facing notice, consent flow, or privacy limitation. In this skill context, that is more dangerous because the manifest explicitly markets 'presence detection' and 'is someone nearby', encouraging covert occupancy inference from environmental telemetry.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal