openclaw-read-flow

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed FreshRSS reading-workflow skill with no included executable code or hidden destructive behavior.

Install only if you are comfortable letting an agent read your FreshRSS unread feed. Use a FreshRSS-specific API password, review any referenced external scripts before running them, set feed or item limits for sensitive accounts, and keep read-state changes or knowledge-base writes approval-gated.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 90% confidence
Finding: The skill explicitly instructs the agent to work in Simplified Chinese, which can override a user's preferred language and reduce usability or accessibility for users who need another language. While this is not a classic security exploit, it is a genuine policy/control issue because a skill-level instruction can improperly constrain agent behavior without user opt-in.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal