@openclaw/interchange

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate local Markdown interchange library, but its file-write and locking design is loosely scoped enough that users should review it before use.

Install only if you are comfortable auditing or patching the source. Set INTERCHANGE_ROOT to a dedicated directory, do not pass untrusted file paths, avoid using it for sensitive or high-concurrency workflows until locking/path containment are fixed, and run it with least filesystem privilege.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Tp4

High
Category
MCP Tool Poisoning
Confidence
80% confidence
Finding
The skill is presented as a narrow interchange library, but the described and inferred behavior expands into unrelated operational logic such as external API circuit breaking, formatting helpers, and reconciliation behavior. This scope creep is dangerous because downstream skills may trust it as a low-risk foundational component while it silently gains higher-risk behaviors, increasing attack surface and making permission and dependency review less effective.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal