AOI Squad Orchestrator (Lite)

Security checks across malware telemetry and agentic risk

Overview

This is a small local CLI for generating preset team reports, with disclosed low-risk local storage for team names.

Safe to install for its stated purpose. Avoid putting secrets or sensitive personal data in team aliases or task text, and treat generated report_markdown as untrusted content if the task came from someone else.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Intent-Code Divergence

Medium

Confidence: 92% confidence
Finding: The preset text claims 'no external side effects,' but the skill later reads and writes persistent state under the user's home directory. This creates a trust mismatch: users may run the skill expecting a dry, side-effect-free operation while it modifies local state, which is unsafe from a transparency and consent perspective.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill silently persists data to ~/.openclaw/aoi/squad_names.json without clear disclosure at startup or prior consent. Undisclosed writes to a user's home directory can violate user expectations, leak task-related metadata into long-lived storage, and create forensic or privacy risk on shared systems.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal