Back to skill

Security audit

Video Content Operator

Security checks across malware telemetry and agentic risk

Overview

This skill is a local content-planning helper that can use OpenClaw memory files for personalization, with no evidence of hidden network transfer or destructive behavior.

Install only if you are comfortable with the skill using local OpenClaw memory/profile files to personalize content advice. Review MEMORY.md and USER.md for sensitive details first, pass an explicit workspace path, and avoid writing the extracted JSON to shared or insecure locations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script reads potentially sensitive personal/profile data from local workspace files (MEMORY.md and USER.md), structures it, and can persist it to an arbitrary output path without any consent check, disclosure, minimization, or destination restriction. In an agent-skill context, this increases privacy and data-exfiltration risk because the extracted summary is easier to reuse, forward, or upload than the original source files.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.