Back to skill

Security audit

Delx Ops Guardian

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended for operations recovery, but it gives an agent broad production host authority that users should review before installing.

Install only on hosts where you intentionally want agent-assisted operations management. Review the exact aliases, require explicit confirmation before service restarts or cron edits, limit use to named services and incident contexts, and verify the third-party plugin before granting access to /root/.openclaw or production systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The alias set is broad and generic for a production-impacting skill, including terms like "handle_incident" and "memory_guard" that could match routine operational requests and trigger a high-privilege workflow unintentionally. Because this skill is designed to read privileged paths and perform service restarts or cron changes, accidental invocation materially increases the chance of unauthorized or unnecessary disruptive actions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.