Back to skill

Security audit

Book Review Skill

Security checks across malware telemetry and agentic risk

Overview

This skill only turns user-provided reading notes into local template-based book reviews, with no evidence of data access, network calls, persistence, or destructive behavior.

Install only if you are comfortable with a simple local template skill for formatting reading notes. Prefer running it through explicit commands such as /book-review, and use a current patched OpenClaw runtime with reviewed or pinned dependencies for better supply-chain assurance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The usage examples include natural-language phrases such as "之前读的那本书讲了什么来着" and similar broad prompts that can overlap with ordinary conversation. In agents that auto-route skills based on semantic similarity rather than strict slash commands, this can cause unintended invocation, making the skill activate on casual text and potentially produce misleading or unsolicited transformations of user content.

Unpinned Dependencies

Low
Category
Supply Chain
Content
},
  "homepage": "https://github.com/harrylabs0913/openclaw-skill-book-review#readme",
  "dependencies": {
    "openclaw": "^2026.3.0"
  },
  "devDependencies": {
    "@types/node": "^20.10.0",
Confidence
91% confidence
Finding
"openclaw": "^2026.3.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"openclaw": "^2026.3.0"
  },
  "devDependencies": {
    "@types/node": "^20.10.0",
    "esbuild": "^0.19.8",
    "typescript": "^5.3.2"
  },
Confidence
74% confidence
Finding
"@types/node": "^20.10.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
},
  "devDependencies": {
    "@types/node": "^20.10.0",
    "esbuild": "^0.19.8",
    "typescript": "^5.3.2"
  },
  "engines": {
Confidence
78% confidence
Finding
"esbuild": "^0.19.8"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"devDependencies": {
    "@types/node": "^20.10.0",
    "esbuild": "^0.19.8",
    "typescript": "^5.3.2"
  },
  "engines": {
    "node": ">=18.0.0"
Confidence
72% confidence
Finding
"typescript": "^5.3.2"

Known Vulnerable Dependency: openclaw==2026.3.0 — 10 advisory(ies): CVE-2026-53846 (OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency); CVE-2026-41913 (OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret r); CVE-2026-43526 (OpenClaw: QQBot reply media URL handling could trigger SSRF and re-upload fetche) +7 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
openclaw==2026.3.0

Known Vulnerable Dependency: esbuild==0.19.8 — 1 advisory(ies): GHSA-67mh-4wv8-2f99 (esbuild enables any website to send any requests to the development server and r)

Low
Category
Supply Chain
Confidence
84% confidence
Finding
esbuild==0.19.8

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.