Ping Me

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it creates, lists, cancels, and configures one-time OpenClaw reminders, with some normal privacy and misfire risks for reminder software.

Install only if you are comfortable with reminder text, timing, channel, timezone, and optional delivery target being stored locally or in OpenClaw cron until delivery or cancellation. Avoid putting secrets in reminders, and verify channel/target settings in shared or multi-channel environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
75% confidence
Finding
The skill invokes scripts that can modify persistent state, including configuration changes and reminder/job creation, but the metadata does not declare any corresponding permissions. This creates a trust and review gap: users or hosting platforms may believe the skill is read-only when it can write files or alter stored state.

Tp4

High
Category
MCP Tool Poisoning
Confidence
85% confidence
Finding
The public description presents the skill as a simple one-shot reminder tool, but the instructions expose additional capabilities to list reminders, cancel them, and modify/reset persistent settings. This mismatch can mislead users and reviewers about the skill's real authority, increasing the chance of unintended state changes or abuse through social engineering.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The README advertises activation through ordinary natural conversation such as "Just talk to your agent naturally" and "say 'remind me...' in any language" without documenting stricter trigger boundaries or confirmation requirements. In an agent ecosystem, overly broad activation can cause unintended reminder creation from incidental text, quoted messages, or prompt-injection-style content relayed through chats, increasing the chance of unauthorized actions or user confusion.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation explains that reminders are stored in config and routed based on detected channel metadata, but it does not clearly warn users that reminder text, timing, and channel context may be persisted and delivered through channel-specific infrastructure. Because reminder content often contains sensitive personal information, lack of disclosure can lead users to expose private data without understanding retention and routing behavior.

Vague Triggers

Medium
Confidence
72% confidence
Finding
The skill markets itself as handling natural-language reminders broadly and 'works with every channel,' which encourages wide matching against ordinary conversation. Combined with the instruction to act first and confirm afterward, an overly broad trigger can cause accidental invocation and unintended reminder creation from casual text.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The instruction to 'detect reminder intent in any language' is highly permissive and does not define what evidence is sufficient to trigger execution. In practice, this can lead to false positives across multilingual conversation, causing the agent to create reminders or run scripts without sufficiently explicit user consent.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The skill stores reminder content, routing data, and settings in local state, but this persistence is not clearly disclosed in the user-facing description. Reminder messages can contain sensitive personal information, and undisclosed storage increases privacy risk and may surprise users about retention and channel-target data handling.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The description advertises activation from broad natural-language phrasing like 'remind me...' in any language and 'works with every channel,' which can cause accidental invocation during ordinary conversation or when quoting someone else. In a reminder skill, this increases the chance of unintended reminder creation, privacy confusion, or spammy cross-channel behavior if trigger matching is too permissive.

VirusTotal

66/66 vendors flagged this skill as clean.