Self-Prompt

Security checks across malware telemetry and agentic risk

Overview

This skill openly helps automation trigger OpenClaw agents and post their replies to chat, with privacy and scoping risks but no hidden malicious behavior found.

Install only if you intentionally want trusted automation to trigger agent responses and post them to chat. Before using it, verify the OpenClaw executable path, restrict which agent IDs and group IDs scripts can use, avoid posting confidential data to shared channels, and review or clear ~/agent_task.log when tasks may involve private information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
else:
            delivery_msg = f"⚠️ Agent task failed: {response}"
        
        subprocess.run([
            OPENCLAW_PATH, 'message', 'send',
            '--channel', channel,
            '--target', group_id,
Confidence
90% confidence
Finding
subprocess.run([ OPENCLAW_PATH, 'message', 'send', '--channel', channel, '--target', group_id, '--message', delivery_msg ], capture_outp

Tainted flow: 'OPENCLAW_PATH' from os.environ.get (line 18, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
session_key = f"agent:{agent_id}:{channel}:group:{group_id}"
    
    try:
        result = subprocess.run([
            OPENCLAW_PATH, 'agent',
            '--agent', agent_id,
            '--session-id', session_key,
Confidence
97% confidence
Finding
result = subprocess.run([ OPENCLAW_PATH, 'agent', '--agent', agent_id, '--session-id', session_key, '--channel', channel, '--message

Tainted flow: 'OPENCLAW_PATH' from os.environ.get (line 18, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
else:
            delivery_msg = f"⚠️ Agent task failed: {response}"
        
        subprocess.run([
            OPENCLAW_PATH, 'message', 'send',
            '--channel', channel,
            '--target', group_id,
Confidence
97% confidence
Finding
subprocess.run([ OPENCLAW_PATH, 'message', 'send', '--channel', channel, '--target', group_id, '--message', delivery_msg ], capture_outp

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly instructs operators to send accountability checks, monitoring alerts, research tasks, and resulting agent responses through shared chat channels, but it provides no safeguards around sensitive data handling, audience scope, or redaction. In operational contexts, these messages can contain internal status, incident details, trading positions, or other confidential content, creating an avoidable risk of privacy leakage or oversharing to unintended recipients.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The function automatically forwards agent-generated content to an external chat target without any confirmation or user-facing warning. In this skill context, that is especially risky because the script is explicitly designed to make an agent respond and then broadcast that response, increasing the chance of unreviewed harmful, deceptive, or sensitive output being propagated.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script takes arbitrary agent output and forwards it directly to a Telegram group, creating a clear external data exfiltration path. If the agent response contains sensitive data, internal prompts, secrets, personal data, or unsafe formatted content, the script will automatically disclose it to a potentially broad audience with no review, filtering, or consent step.

VirusTotal

66/66 vendors flagged this skill as clean.
