Work Journal

Security checks across malware telemetry and agentic risk

Overview

This work-journal skill is coherent and purpose-aligned, but users should understand it saves work notes locally and has unclear wording around possible LLM processing.

Install only if you are comfortable with work notes being saved under ~/.openclaw/data/work-journal. Avoid pasting passwords, API keys, customer secrets, or highly confidential business details until the publisher clarifies whether LLM processing is local or remote and adds stronger redaction or opt-in controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3 (Medium)

Category: MCP Least Privilege
Confidence: 91%
Finding: The skill advertises local processing but its documented architecture includes an LLM wrapper and static analysis detected network capability, while no permissions are declared. Undeclared file read, file write, and network access weakens user consent and sandboxing expectations, and could expose sensitive work notes, reports, or history if the implementation sends data externally or reads more than intended.

Tp4 (High)

Category: MCP Tool Poisoning
Confidence: 95%
Finding: The documented behavior goes beyond simple report transformation by persisting reports locally, reading history, and generating summaries from previously saved files, but this broader data-handling is not reflected in the declared purpose. That mismatch can mislead users about retention and access patterns for potentially sensitive workplace data, increasing privacy and confidentiality risk.

Missing User Warnings (Medium)

Confidence: 96%
Finding: The HTML wrapper interpolates both title and body directly into an HTML document without any escaping or sanitization. If either value can contain user-controlled content, this enables HTML/script injection in generated reports, which can lead to stored or reflected XSS when the report is viewed in a browser.

VirusTotal

64/64 vendors flagged this skill as clean.
