Security audit

i-am

Security checks across malware telemetry and agentic risk

Overview

This skill performs personality profiling from local OpenClaw chat history and can set up recurring analysis, save long-lived profile data, and send profile files through chat.

Review carefully before installing. Prefer manual mode, do not enable cron unless you want recurring background profiling, limit which conversations are analyzed, and avoid sending generated USER.md files through chat unless you are comfortable with those inferred traits being transmitted and retained there.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The skill is presented as a simple personality analysis tool, but it also configures recurring cron jobs and instructs the agent to send generated files over IM channels. That expands its operational scope from on-demand analysis to persistent automated collection and distribution of sensitive derived data, which users may not reasonably expect from the description.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The code scans the sessions store and loads historical user messages to infer personality traits, including potentially broad past conversation history on first run. This is sensitive profiling from accumulated user data, and the scope is much larger than a typical single-command analysis, creating privacy and consent risks.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The skill claims all data is processed locally with no network transfer, yet elsewhere instructs sending preview files via the current IM channel. This is a materially misleading security statement that can cause users to approve handling of sensitive personality data under false assumptions about confidentiality.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger phrases are broad enough to match ordinary conversation topics such as personality or USER.md updates, which can cause the skill to run without a clear, intentional user request. In this context, accidental activation is risky because the skill reads conversation history, profiles the user, and may persist or send sensitive outputs.

Ssd 3

High
Confidence
97% confidence
Finding
The skill directs the agent to mine the user's conversation history and derive personal traits, which is sensitive personal profiling. Because it processes broad historical content and inferred characteristics rather than only explicit user input, it creates elevated privacy harm and potential misuse if the data is exposed or reused.

Ssd 3

High
Confidence
98% confidence
Finding
The workflow instructs sending a generated USER.md preview containing inferred personality traits back through the current IM channel. Transmitting sensitive derived personal data over chat/file-sharing channels increases exposure risk, especially if the channel is third-party hosted, shared, logged, or less secure than local storage.

Ssd 3

High
Confidence
97% confidence
Finding
The skill persistently stores inferred personality data in USER.md, ChangeLog.md, and timestamps across runs, creating a long-lived profile and revision history. Persistent storage of sensitive inferences magnifies harm from unauthorized access, over-retention, and secondary use beyond the user's original expectation.

VirusTotal

65/65 vendors flagged this skill as clean.