Back to skill

Security audit

Group Summarizer

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple local report summarizer that reads a disclosed folder and writes a local daily summary, with no hidden code or credential use found.

Before installing, confirm that ~/openclaw_agent/src/temp_sync/ contains only markdown reports you want summarized, because all markdown files under that directory can be included in the generated daily summary. Also check whether an existing dated summary file might be overwritten.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill is designed to recursively read from a fixed directory and write output to a fixed path without any user warning or confirmation. In an agent setting, fixed filesystem access can expose sensitive local data or overwrite files unexpectedly, especially when the user may not realize the scope of file operations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.