Security audit

导购对比分析 (Sales Associate Comparison Analysis)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to support its stated business-reporting purpose, but it handles sensitive employee performance reports and can send them to enterprise WeChat without clear authorization or recipient safeguards.

Review this skill before installing. Use it only with approved employee-performance data, verify exactly who receives enterprise WeChat reports, and avoid running it in an environment where unrelated or untrusted files under ~/.openclaw/skills could be modified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The module prepends a user-home skill directory to sys.path and then imports analyze from there, which creates an implicit code-loading trust boundary outside this file. If that external path or file is modified, this skill will execute attacker-controlled Python during normal comparison operations, making the comparison skill a code-execution pivot rather than a self-contained analytics tool.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill documentation explicitly describes generating employee performance comparison reports and pushing them to enterprise WeChat without any mention of authorization, minimization, recipient checks, or user notice. In a personnel-performance context, this creates a realistic risk of privacy leakage and inappropriate disclosure of individual employee metrics to unintended audiences.

Missing User Warnings

Medium
Confidence: 93%
Finding
Importing executable code from a user-home path without disclosure or trust controls means the skill depends on mutable local content that may be replaced, shadowed, or tampered with. In this context, the risk is amplified because the import happens automatically at module load, so compromise of the referenced home-directory skill can lead to unintended code execution whenever this skill is used.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.