Back to skill

Security audit

Skill Audit

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only skill quality auditor whose local file reads and report saving match its stated purpose.

Install this if you want structured skill-quality audits and are comfortable with reports being saved locally by default. Avoid auditing skills that contain secrets or private implementation details unless local retention under ~/.openclaw/workspace/skill-audit-reports is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill mandates writing audit output to a fixed path in the user's home directory, which introduces persistent side effects beyond merely analyzing and scoring a skill. This can create unexpected file writes, leak sensitive contents from audited skills into local storage, and normalize disk access without explicit user consent or disclosure.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The description uses broad triggers such as audit, score, validate, check, or evaluate a skill or SKILL.md, which can match many ordinary review requests and cause the skill to activate unexpectedly. Overbroad activation is dangerous because it can invoke hidden side effects in contexts where the user only wanted lightweight evaluation, especially given this skill's write-to-disk behavior.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs writing audit reports to disk, but this side effect is not disclosed in the description that governs when the skill is selected. That mismatch is risky because users and orchestrators may invoke the skill expecting analysis only, while the skill silently persists potentially sensitive data to local storage.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.