IT Events

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it needs Review because it can create a persistent weekly OpenClaw cron job and has scoping/documentation gaps around that automation.

Install only if you want recurring event digests and are comfortable with a local OpenClaw cron job. Before enabling automation, confirm the exact schedule, command, state file path, and how to delete the job; use manual searches if you do not want persistent background execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill can create persistent recurring cron jobs, which is a privileged side effect beyond a simple content-retrieval workflow. If invoked unexpectedly or through ambiguous phrasing, it can establish ongoing execution and repeated external access, increasing operational and security risk on the host.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The script creates and then instructs the external agent to update persistent memory state without that write capability being clearly described in the skill metadata. Hidden persistence changes can surprise users, alter future agent behavior, and create integrity issues if the memory file is later trusted for deduplication or workflow decisions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The instructions allow creation of a persistent cron job once intent is inferred, but they do not require a prominent user-facing notice that this changes the local system and will continue running automatically. That lack of explicit disclosure can cause users to authorize persistent execution without understanding duration, frequency, or cleanup requirements.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The script writes a state file to the user's workspace automatically and does so without prior disclosure or confirmation. While the file contents are limited, undisclosed filesystem modification violates user expectations and can become more serious in agent environments where persistent state influences later actions.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script sends an instruction to an external agent to modify stored memory, but it does not clearly disclose that executing the command may change persistent data. Delegating state mutation to an agent via prompt text is risky because the actual write behavior is indirect, harder to audit, and may be broader than the user expects.

VirusTotal

VirusTotal findings are pending for this skill version.
