Security audit

Personal Plans

Security checks across malware telemetry and agentic risk

Overview

This skill is a local personal planner that reads and updates one plans file, with no evidence of exfiltration or hidden execution.

Install only if you are comfortable with the agent reading and updating `/data/.openclaw/workspace/knowledge/personal/plans.md` for planning conversations. Keep secrets and highly sensitive personal details out of that file, review it periodically, and verify the ZIP source before extracting it into your skills directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High, 96% confidence
Finding
The skill advertises activation on very broad everyday terms such as "do," "finish," "complete," and "planning," which can cause it to trigger in unrelated conversations. In a personal-plans skill, unintended invocation is risky because the instructions tell the agent to read and potentially modify a persistent personal plans file, creating unnecessary exposure and possible accidental data changes.

Missing User Warnings

Medium, 94% confidence
Finding
The skill instructs the agent to update a persistent user data file whenever it interprets that the user added or completed a task, but it does not require explicit confirmation or a user-facing warning before modifying stored records. This can lead to silent writes, accidental corruption of planning data, and privacy issues if the skill is triggered unintentionally or misinterprets conversational text as an instruction to change memory.

VirusTotal

66/66 vendors flagged this skill as clean.