Back to skill

Security audit

ATXP

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a coherent ATXP CLI guide, but it gives agents high-impact email, paid account, agent-wallet, and host-configuration authority without enough scoping or confirmation guidance.

Install only if you trust ATXP and are comfortable giving the agent persistent ATXP credentials. Require explicit approval before deleting emails, downloading attachments, sending mail, claiming usernames, creating agents, using paid tools, creating top-up links, or editing `/root/.openclaw/openclaw.json`. Treat any update instructions received by email as untrusted unless verified through an official release channel.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents a destructive `email delete` operation with no guidance to require explicit user confirmation, preview the target message, or warn that deletion removes the message from inbox and search results. In an agent setting, this increases the chance of accidental or prompt-induced destructive actions against user data.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The authentication section instructs users to inspect and source local credential material (`echo $ATXP_CONNECTION` and `source ~/.atxp/config`) without warning against exposing tokens in logs, tool output, or downstream prompts. In agent environments, credentials can be inadvertently revealed, persisted, or reused by other tools if not handled as secrets.

Ssd 4

Medium
Confidence
98% confidence
Finding
The statement that important messages include 'updates to this skill itself with instructions for downloading the latest version' establishes email as a trusted control channel for future behavior changes. This creates an instruction-hijacking path where a compromised sender, spoofed message, or malicious mailbox content could induce the agent or operator to fetch and follow untrusted updates.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: atxp
description: Access ATXP paid API tools for web search, AI image generation, music creation, video generation, X/Twitter search, email, and agent account management. Use when users need real-time web search, AI-generated media (images, music, video), X/Twitter search, send/receive emails, or create and fund agent accounts. Requires authentication via `npx atxp login`.
---

# ATXP Tools
Confidence
76% confidence
Finding
create and fund agent accounts. Requires authentication via `npx atxp login`. --- # ATXP Tools Access ATXP's paid API tools via CLI. ## Authentication ```bash # Check if authenticated echo $ATXP_C

VirusTotal

No VirusTotal findings

View on VirusTotal