Back to skill

Security audit

Library

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent SansFiction library helper, but it asks for a read/write account token and can create a recurring reading reminder, so users should configure it carefully.

Install this only if you want OpenClaw to read and update your SansFiction library. Configure the token through secure OpenClaw settings or an environment variable instead of pasting it into chat when possible, rotate the token if it is exposed, and explicitly specify your reminder time and timezone before enabling the daily check-in.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to persist a personal API token into local configuration for convenience. Persisting long-lived credentials beyond the immediate task increases the blast radius of compromise, especially on shared machines or where local config may be readable by other tools, backups, or logs.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The reminder flow allows scheduling a recurring cron job based on broad language like enabling a daily check-in, without a strong explicit invocation boundary or confirmation of scheduling parameters. In agents that may infer intent from casual conversation, this can lead to unintended persistent automation and repeated outbound prompts.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill tells the user to paste a personal token into chat, which exposes a bearer credential in a medium that may be logged, retained, inspected by operators, or accessible to other components. Because the token is read/write for the user's library account, disclosure can enable unauthorized account actions.

Natural-Language Policy Violations

Medium
Confidence
78% confidence
Finding
Hard-coding the timezone to Europe/Warsaw without user opt-in can cause reminders to fire at unintended times, creating persistent behavior the user did not mean to authorize. This is more of a safety and consent issue than a direct compromise, but it becomes more concerning because it controls a recurring automated action.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
## Hard rules
- **Never ask for or store passwords.** Use a SansFiction token only.
- **Never echo the token back** to the user or write it into chat logs.
- **No side effects without confirmation** when the target book is ambiguous (multiple matches).

---
Confidence
84% confidence
Finding
without confirmation

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.