nutcracker

Security checks across malware telemetry and agentic risk

Overview

This is a local UX research logger, but it starts broad passive recording by default and stores users' exact words in persistent local reports.

Install only if you intentionally want your OpenClaw interactions studied and stored locally. Before enabling it, confirm how to keep observation off until you opt in, how to pause it, how to delete ~/.uxr-observer, and whether verbatim quote capture can be reduced or redacted. Avoid using it during sessions involving credentials, customer data, private code, health, legal, financial, or other sensitive material.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 94% confidence
Finding: The skill explicitly describes creating directories, appending JSONL logs, generating reports, and deleting stored data, but the metadata shown does not declare corresponding permissions. That mismatch is risky because users and the platform may not realize the skill can persist and manipulate local files containing sensitive interaction history.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill says it 'runs passively in the background during every OpenClaw session' and 'silently records' interactions, but does not define strong boundaries for when monitoring begins, what exact events are in scope, or how consent is enforced before passive collection starts. Ambiguous passive activation is dangerous because it can cause covert collection of broad user content without a clear, informed opt-in moment.

Vague Triggers

Low

Confidence: 80% confidence
Finding: The trigger phrase 'Give me my report' is common natural language and may be invoked accidentally in ordinary conversation. For a skill that handles sensitive logs and report generation, broad triggers increase the chance of unintended access or disclosure of research data.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill prominently describes pervasive passive logging of interactions, sentiment, friction, and verbatim quotes, but the privacy consequences are not surfaced as an upfront warning before describing operation. Because the collected data is highly sensitive natural-language content, failing to foreground the privacy impact undermines informed consent and increases the risk of collecting more than users reasonably expect.

Ssd 3

Medium

Confidence: 96% confidence
Finding: The skill instructs aggressive capture and retention of users' exact words across interactions, including corrections, reactions, and expectations, which creates a large pool of sensitive natural-language data. Even if some secret types are excluded, broad verbatim collection predictably captures personal, confidential, or regulated information beyond what is necessary for the stated UX purpose.

Ssd 3

Medium

Confidence: 93% confidence
Finding: The passive observation stream plus daily distillation into verbatim-first reports creates a secondary aggregation risk: sensitive interaction data becomes easier to review, search, and share in one place. Aggregated reports magnify harm because they transform scattered session content into concise summaries and quote collections that can expose behavior patterns, frustrations, goals, and possibly confidential work content.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal