Meditations

Security checks across malware telemetry and agentic risk

Overview

This is a Stoic philosophy coaching skill with broad wellness-style prompts, but no evidence of hidden code, credential use, exfiltration, or destructive behavior.

Install only if you want Stoic practice guidance to appear in conversations about stress, adversity, or control. Consider disabling proactive check-ins or state tracking if you do not want personal practice context retained, and avoid granting filesystem access unless your OpenClaw runtime clearly needs it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill defines invocation triggers using broad, high-frequency terms such as 'stoicism,' 'inner peace,' 'control and acceptance,' and even first-install or onboarding ambiguity, which can cause the skill to activate in conversations only loosely related to Marcus Aurelius. This creates unintended routing and prompt injection surface expansion: the skill may override user intent, insert unsolicited guidance, or hijack unrelated wellness, philosophy, or emotional-support interactions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal