Security audit

EASA Regulatory Search

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate EASA regulatory search skill, with disclosed public-source ingestion commands and no evidence of hidden credential use, exfiltration, or destructive behavior.

Install this only if you trust or have reviewed the external `clawEASA` runtime repository and its bootstrap scripts. Use lookup/search commands normally, and run fetch, parse, or FAQ crawling only when you intentionally want to download and update the local public EASA corpus; be careful with the documented `rsync --delete` install command and verify the destination path first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: High
Confidence: 96%
Finding:
The skill description promises local querying of a local index, but the documented command set includes remote discovery, downloading, crawling, and ingestion from the EASA website. This mismatch expands the trust boundary from offline/local-only retrieval to network-enabled content acquisition, which can lead to unexpected external access, data exfiltration opportunities, unreviewed content ingestion, and unsafe execution in restricted environments.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding:
Website crawling and corpus-ingestion features are broader than the stated purpose of answering regulatory questions from a local index. In the context of an agent skill, these capabilities can trigger unneeded network activity, ingest untrusted remote content into the local corpus, and create persistence or supply-chain risk if the fetched material is later treated as authoritative.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The documentation shows an `rsync -a --delete` install command without clearly warning that `--delete` removes files in the destination that are not present in the source. In a skill-install context, users may copy-paste this into a real OpenClaw workspace and unintentionally erase existing files under the target skill directory, especially if the destination path is mistyped or repurposed.

VirusTotal

65/65 vendors flagged this skill as clean.