Back to skill

Security audit

hi-light Ear Skill

Security checks across malware telemetry and agentic risk

Overview

This is a real HiLight setup skill, but it handles an API key in ways that could expose it and enables a broad default channel configuration.

Review before installing. Only use this if you trust the external HiLight plugin package and are comfortable storing the HiLight API key in OpenClaw configuration. Avoid pasting real tokens into ordinary chat when possible, do not share setup logs or full channel config output, and consider restricting --allow-from and --dm-policy instead of using the open defaults.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The default prompt embeds a generic activation phrase and directly encourages installation/configuration with an API key, which can cause the skill to trigger in ordinary user requests that mention installing or configuring HiLight. In a skill that edits configuration and handles secrets, overly broad invocation increases the chance of unintended execution, secret exposure in prompts, or accidental configuration changes.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script writes the HiLight API key into OpenClaw configuration and then prints the entire `channels["hi-light"]` object with `--json`. In many configurations this will include `authToken`, exposing the secret to terminal scrollback, shell logging, CI logs, remote session capture, or other observers; in this setup workflow context, users are especially likely to run the script interactively and share logs while troubleshooting, which increases the chance of credential leakage.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill explicitly gives users an example that includes the raw API key directly in the chat prompt. Even though the text elsewhere says to treat the API key as sensitive, this example trains users to disclose secrets in model-visible conversation history, logs, telemetry, screenshots, or shared transcripts.

Ssd 3

Medium
Confidence
96% confidence
Finding
The English example repeats the same unsafe pattern by telling users to include their API key in prompt text. In the context of an agent skill, this increases the chance that credentials are exposed to the model, persisted in logs, or leaked through debugging, support, or prompt replay workflows.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.