Back to skill

Security audit

Topical

Security checks across malware telemetry and agentic risk

Overview

This Topical skill is a coherent integration, but it should be reviewed because its webhook transform can automatically wake an agent and relay external news content with broad follow-up instructions.

Install only if you are comfortable giving Topical a long-lived MCP token and enabling persistent OpenClaw webhooks. Review the hook config, consider setting deliver=false until tested, ensure hook bearer token and signature verification are configured, and treat source subscription, schedule, feedback, and webhook tools as account-changing actions that should be user-directed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The documentation states the skill is 'Read-only intelligence,' but the listed tools can modify state by changing subscriptions, schedules, feedback, and webhooks. This can mislead users or downstream agents into invoking mutation-capable tools under the assumption that no changes will be made, increasing the risk of unauthorized configuration changes or integrity issues.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The transform takes externally supplied webhook content and constructs an agent message that is then delivered automatically, including instructions to relay the bulletin with minimal changes. Because the content is treated as trusted and no user-facing provenance or warning is attached, malicious or compromised upstream content could be laundered into the agent/user conversation as if it were endorsed, increasing prompt-injection and social-engineering risk.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.