powpow-financing-plan-openclaw

Security checks across malware telemetry and agentic risk

Overview

This PowPow fundraising skill is mostly instruction-only, but it needs review because it can use prior memories for a personalized pitch and asks for investor contact details under broad triggers.

Review before installing. Use it only if you are comfortable with a PowPow investment pitch using prior conversation memory for personalization and asking for contact details. Prefer a no-memory interaction, avoid sharing confidential investment or personal contact information unless you intend to contact the publisher, and independently verify any investment claims.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (9)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger list includes broad, generic phrases such as investment- and industry-related queries that can overlap with ordinary user requests. This can cause the skill to activate unexpectedly and steer conversations into promotional or data-handling flows the user did not intentionally invoke.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The workflow explicitly instructs the system to query local memory, extract user background and past conversations, and use that information in personalized messaging without any clear notice or consent step. This creates a privacy risk because sensitive prior-context data may be surfaced back to the user or used in ways they did not expect.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The manifest advertises broad investor- and startup-related trigger phrases such as investing in AI projects or finding startup opportunities, which can cause the skill to activate outside narrowly intended PowPow-specific contexts. In a financing and persuasion-oriented skill, overbroad activation increases the chance of unsolicited interception of generic user queries and can steer users into promotional or data-collection flows they did not explicitly request.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list contains several broad, generic phrases such as AI/social/investment topics that are not uniquely tied to this skill. That can cause the skill to activate in unrelated conversations and steer users into a flow that solicits profiling and contact details, increasing the chance of unintended data collection.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The skill explicitly collects organization, title, email, and WeChat, then uses them to generate an outbound email template, but there is no clear privacy notice, consent flow, retention policy, or confirmation before sharing. In context, this is more dangerous because the skill is a financing funnel designed to convert conversation into real-world outreach to a specific individual.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The manifest directs the agent to access local memory to personalize the introduction, but it does not present a clear consent or notice mechanism to the user. This creates a privacy risk because sensitive inferred interests or prior behavior may be surfaced unexpectedly in a persuasive investment interaction.

Ssd 3

Medium

Confidence: 98% confidence
Finding: The skill directs the assistant to retrieve prior user memory and reflect key information back into the conversation for personalization. Even in a marketing/investor context, this is dangerous because it can expose previously stored personal attributes or sensitive context without a fresh, situation-specific permission check.

Ssd 3

Medium

Confidence: 99% confidence
Finding: This section operationalizes memory access by instructing the system to query local memory, extract background, interests, and past conversations, and then generate personalized messaging from that data. The risk is heightened by the promotional nature of the skill: personal history is being repurposed to influence engagement, increasing the chance of privacy violations and unexpected profiling.

Ssd 3

Medium

Confidence: 96% confidence
Finding: The skill combines local memory retrieval with subsequent collection of personal/contact details to produce tailored outreach content, which creates a natural-language data exposure pathway. Even without explicit exfiltration code, the agent is instructed to use personal context in a way that can reveal stored user information and increase the sensitivity of generated communications.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal