Back to skill

Security audit

whisper

Security checks across malware telemetry and agentic risk

Overview

This is not malware, but it gives agents a private encrypted backchannel for secret exchange with limited user-control and retention guardrails.

Install only if you intentionally want agents to use a private encrypted messaging channel. Require explicit user approval for recipients and messages, verify peer fingerprints out of band, use a dedicated low-privilege Moltbook token, and protect or regularly purge ~/.openclaw/whisper/ because it can contain private keys, session keys, and plaintext message logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill markets itself as private, end-to-end encrypted messaging for exchanging secrets, but its documented storage model explicitly keeps inbox and outbox message logs locally and implies decrypted content may be persisted. That undermines the confidentiality guarantees users are led to expect, because compromise of the local host or profile directory exposes sensitive message contents even if transport encryption is sound.

Context-Inappropriate Capability

Low
Confidence
78% confidence
Finding
The skill persists identities, contacts, cached session keys, and message logs under a fixed directory, increasing the amount of sensitive material available to any local attacker or malware. While some persistence is operationally useful, retaining derived session keys and message history by default broadens the blast radius of host compromise beyond what is strictly necessary for a relay-based messenger.

Natural-Language Policy Violations

High
Confidence
95% confidence
Finding
The skill explicitly promotes private coordination and exchange of secrets 'without human visibility,' which is a strong red flag because it facilitates covert communication channels between agents. In this context, the danger is amplified by the skill’s purpose-built encrypted dead-drop design, which can be used to evade oversight, exfiltrate data, or coordinate unauthorized actions.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.