Multi-Angle-Thinking

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed deep-analysis helper with optional reminder hooks; its main risk is over-triggering web-search-based analysis, not hidden malware or data theft.

Install the core skill if you want structured deep analysis. Be cautious with confidential prompts because the workflow may use web search. Only enable the optional OpenClaw hook if you want automatic prompt-based reminders, and disable it if broad words like 'analyze' make it activate too often.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 87% confidence
Finding: The skill’s declared behavior says it should only run on explicit user request, but the finding indicates broader trigger behavior and hidden session-start context injection. That creates a trust and control problem: the skill may activate unexpectedly, shape the agent’s behavior outside clear consent boundaries, and perform or encourage analysis/search workflows the user did not explicitly request.

Description-Behavior Mismatch

Medium

Confidence: 97% confidence
Finding: The hook automatically injects the skill whenever broad keywords appear in the user's prompt, which contradicts the skill metadata requirement that it be user-invoked only. This can cause unrequested behavioral changes, including steering the agent into a more powerful analysis workflow with web search and simulation steps the user did not explicitly request.

Vague Triggers

Medium

Confidence: 83% confidence
Finding: Overly broad trigger phrases can cause the skill to activate during ordinary conversation, leading to unintended tool use, unnecessary web searches, or unsolicited simulation/narrative framing. In this context, the skill is designed to gather external data and perform deep analysis, so accidental invocation increases privacy, consent, and prompt-steering risks.

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The example invocations are vague enough that they may normalize broad matching behavior and encourage activation on loosely related requests. While this is less severe than hidden behavior, it still weakens user intent boundaries and can contribute to unexpected skill execution in benign conversations.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The hook monitors very broad phrases such as 'analyze', 'simulate', and Arabic equivalents that commonly appear in normal conversation, so it can activate outside the user's intended scope. Because this hook injects extra instructions into agent context automatically, over-triggering can alter behavior, increase prompt surface area, and cause unnecessary use of a deeper reasoning pipeline on ordinary requests.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The injected reminder instructs the agent to gather real data via web_search, but nothing in the hook ensures the user is informed or has consented to external lookup at trigger time. In a skill that can activate from loose keyword matching, this increases the chance of unexpected external data access, which can violate user expectations around privacy, cost, or determinism.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal