Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
OpenClaw Session Model Switcher
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed utility for switching only the current OpenClaw session model, with a caveat that it relies on local helper scripts outside the reviewed package.
Install only if you intend to let the agent switch the active model for the current OpenClaw session. Before using it, verify that the local scripts it calls are the expected OpenClaw helpers and do not perform unrelated actions.
SkillSpector
By NVIDIA
Vulnerability Patterns
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)
VirusTotal
65/65 vendors flagged this skill as clean.