智能数据采集器

Security checks across malware telemetry and agentic risk

Overview

This data collection skill mostly does what it advertises, but it also ships under-disclosed OpenClaw platform-management methods that could install, uninstall, execute, or upload other skills if given a valid API key.

Review carefully before installing. Only use this skill with least-privilege, read-only database/API credentials; avoid giving it OpenClaw admin or publishing tokens; configure exports to non-sensitive paths; and enable scheduled collection only when you understand what systems it will repeatedly access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (46)

Intent-Code Divergence

Medium

Confidence: 85% confidence
Finding: The module metadata markets the package as an 'OpenClaw Wealth Guide' and a 'money-making tool', which materially conflicts with the declared skill purpose of a general data collection/export utility. In an agent ecosystem, misleading branding can conceal the true purpose of a skill, reduce operator trust, and increase the risk that users enable a capability they did not intend to install or review.

Intent-Code Divergence

Medium

Confidence: 98% confidence
Finding: `validate_adapter_config` is annotated to return `Dict[str, Any]`, but `Any` is not imported from `typing`. In Python versions/environments where annotations are evaluated at function definition time, this can raise a `NameError` on import, causing the module to fail to load and producing a denial-of-service condition for any workflow that depends on this factory.

Description-Behavior Mismatch

Medium

Confidence: 89% confidence
Finding: This client exposes broad OpenClaw platform-management actions that go well beyond the stated purpose of a data harvesting, processing, and export tool. That capability expansion increases the attack surface and enables the skill to manipulate platform state if the component is invoked with a valid API key, violating least-privilege expectations for this skill context.

Context-Inappropriate Capability

High

Confidence: 96% confidence
Finding: The ability to install, uninstall, and execute arbitrary skills gives this component effective control over other code or automations on the platform, which is highly sensitive and unrelated to its declared function. In a data-harvesting skill, these methods could be abused to deploy unwanted functionality, trigger privileged actions, or disrupt existing services if an attacker gains access to the client or its credentials.

Context-Inappropriate Capability

High

Confidence: 95% confidence
Finding: Uploading skill packages allows introducing new executable or deployable content into the platform, which is a powerful administrative capability unrelated to harvesting data. In this context, it creates a path for unauthorized code deployment or persistence if the API key is misused, making the mismatch between declared purpose and actual capability especially dangerous.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The README advertises web scraping, API access, database querying, file reads, exports, and scheduled execution, but does not warn users that the skill can access external resources, collect potentially sensitive data, and write data to local storage on an ongoing basis. In an agent skill context, this omission can cause users to authorize broad data collection or persistence without understanding privacy, security, and compliance implications.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The skill promotes web, API, database, and file harvesting without warning about sensitive data collection, credential handling, or export risk. For a tool whose core purpose is broad data access, missing privacy and safety disclosures increases the chance of users collecting confidential data or exposing secrets during automated processing.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The examples encourage scheduled collection and local export but omit warnings that recurring tasks may continuously access remote systems and that exports may overwrite or create files on disk. In an automation context, this can cause unintended persistence, repeated data exfiltration, or accidental modification of local files.

Missing User Warnings

Medium

Confidence: 81% confidence
Finding: This skill explicitly supports web/API/database/file collection plus automated export, and the manifest includes an auth object without any user-facing warning about handling credentials, sensitive data, or operational impact. In a data-harvesting context, missing privacy and security disclosures increases the chance that users supply secrets or collect/export sensitive data without understanding retention, destination, or scheduling consequences.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The database adapter executes a query string taken from configuration via SQLAlchemy text(query), which allows arbitrary SQL execution if the configuration or upstream input is attacker-controlled. In a data-harvesting skill that connects to external databases, this can lead to unauthorized data extraction, destructive statements, or abuse of privileged database credentials.

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 安装: pip install -r requirements-dev.txt # 测试框架 pytest>=7.0.0 pytest-cov>=4.0.0 pytest-mock>=3.10.0 pytest-asyncio>=0.21.0
Confidence: 92% confidence
Finding: pytest>=7.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 测试框架 pytest>=7.0.0 pytest-cov>=4.0.0 pytest-mock>=3.10.0 pytest-asyncio>=0.21.0
Confidence: 92% confidence
Finding: pytest-cov>=4.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 测试框架 pytest>=7.0.0 pytest-cov>=4.0.0 pytest-mock>=3.10.0 pytest-asyncio>=0.21.0 # 代码质量和风格
Confidence: 92% confidence
Finding: pytest-mock>=3.10.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: pytest>=7.0.0 pytest-cov>=4.0.0 pytest-mock>=3.10.0 pytest-asyncio>=0.21.0 # 代码质量和风格 black>=23.0.0
Confidence: 92% confidence
Finding: pytest-asyncio>=0.21.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: pytest-asyncio>=0.21.0 # 代码质量和风格 black>=23.0.0 flake8>=6.0.0 isort>=5.12.0 mypy>=1.0.0
Confidence: 95% confidence
Finding: black>=23.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 代码质量和风格 black>=23.0.0 flake8>=6.0.0 isort>=5.12.0 mypy>=1.0.0 pre-commit>=3.0.0
Confidence: 92% confidence
Finding: flake8>=6.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 代码质量和风格 black>=23.0.0 flake8>=6.0.0 isort>=5.12.0 mypy>=1.0.0 pre-commit>=3.0.0
Confidence: 92% confidence
Finding: isort>=5.12.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: black>=23.0.0 flake8>=6.0.0 isort>=5.12.0 mypy>=1.0.0 pre-commit>=3.0.0 # 文档生成
Confidence: 92% confidence
Finding: mypy>=1.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: flake8>=6.0.0 isort>=5.12.0 mypy>=1.0.0 pre-commit>=3.0.0 # 文档生成 sphinx>=7.0.0
Confidence: 92% confidence
Finding: pre-commit>=3.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: pre-commit>=3.0.0 # 文档生成 sphinx>=7.0.0 sphinx-rtd-theme>=1.3.0 myst-parser>=2.0.0
Confidence: 92% confidence
Finding: sphinx>=7.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 文档生成 sphinx>=7.0.0 sphinx-rtd-theme>=1.3.0 myst-parser>=2.0.0 # 构建和发布
Confidence: 92% confidence
Finding: sphinx-rtd-theme>=1.3.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 文档生成 sphinx>=7.0.0 sphinx-rtd-theme>=1.3.0 myst-parser>=2.0.0 # 构建和发布 build>=0.10.0
Confidence: 92% confidence
Finding: myst-parser>=2.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: myst-parser>=2.0.0 # 构建和发布 build>=0.10.0 twine>=4.0.0 wheel>=0.40.0
Confidence: 92% confidence
Finding: build>=0.10.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 构建和发布 build>=0.10.0 twine>=4.0.0 wheel>=0.40.0 # 其他开发工具
Confidence: 92% confidence
Finding: twine>=4.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 构建和发布 build>=0.10.0 twine>=4.0.0 wheel>=0.40.0 # 其他开发工具 ipython>=8.15.0
Confidence: 96% confidence
Finding: wheel>=0.40.0

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal