Security audit

Openclaw Skill

Security checks across malware telemetry and agentic risk

Overview

This writing skill is not clearly malicious, but it should be reviewed because it can register users with a third-party service, send their email and writing topics externally, and write local files through unsafe command snippets.

Review before installing. Use only an email address and writing topics you are comfortable sending to prose-kit.com, require explicit confirmation before registration, API submission, upgrade links, or local file writes, and avoid running the provided snippets unless topic/task values are safely quoted and output filenames are sanitized.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to collect a user's email address and send it to an external service to create an account, which expands from essay generation into identity collection and account provisioning. That is dangerous because it causes third-party data disclosure and account creation without clear necessity, consent flow, or privacy notice tied to the core writing task.

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The skill includes upgrade and payment redirection instructions unrelated to the core function of generating essays. Embedding billing flows in a content-generation skill increases the chance of unsolicited commercial actions and can pressure the agent into facilitating purchases or external navigation beyond the user's original request.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger phrase is broad enough to overlap with normal writing requests, making accidental activation likely. In context, accidental activation is risky because this skill performs external network actions and file writes, so a benign writing request could unexpectedly lead to data transmission or local persistence.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill collects a user's email and transmits it to prose-kit.com without an explicit privacy disclosure or informed-consent step. This is dangerous because the user may not realize personal data is being shared with a third party for account creation and retained outside the current environment.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill saves generated content to local markdown files but does not clearly warn the user that their prompts and outputs will be written to disk. This creates a confidentiality and data-retention risk, especially if topics are sensitive or the filesystem is shared, backed up, or later exposed.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.