Security audit

Pacer Skill

Security checks across malware telemetry and agentic risk

Overview

Pacer appears to be a legitimate career-planning skill, but it needs Review because it persistently stores broad resume, financial, and progress data without clear consent, retention, or deletion controls.

Install only if you are comfortable with Pacer keeping a persistent local profile of your resume-derived history, career goals, financial runway, network, motivations, milestones, and weekly progress. Before uploading a CV or sharing sensitive details, check whether your OpenClaw environment lets you inspect, disable, or delete the Pacer memory file and weekly check-ins.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (20)

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The README suggests very generic activation phrases such as asking for next-step planning or expressing confusion, which can easily occur in ordinary conversation. In agent ecosystems that auto-route based on trigger examples, this increases the chance the skill activates unintentionally and gains access to sensitive career context or uploaded CV data without clear user intent.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The example activation phrases are very broad and map to common, everyday requests such as asking what to do next or expressing confusion. This can cause the skill to activate unintentionally in unrelated conversations, leading to scope hijacking where the assistant shifts into this skill without clear user intent.

Vague Triggers

Severity: High
Confidence: 96%
Finding
The trigger list includes ambiguous phrases like '我该怎么办' ("what should I do"), '下一步' ("next step"), '迷茫' ("feeling lost"), and '规划' ("planning"), which are common across many domains and not specific to career guidance. In a shared assistant environment, these broad triggers can cause over-activation, intercept unrelated user requests, and degrade routing integrity by capturing conversations meant for other skills or the base assistant.

Natural-Language Policy Violations

Severity: Medium
Confidence: 96%
Finding
The skill content is entirely in Chinese and does not offer any language selection or fallback, which can exclude users who do not read Chinese and may cause them to misunderstand planning guidance or consent cues. In a career-planning skill, this is primarily an accessibility and user-safety issue rather than a direct exploit path, but it can still lead to poor decisions if users cannot fully understand the interaction.

Natural-Language Policy Violations

Severity: Medium
Confidence: 92%
Finding
The example conversation is entirely in Chinese and does not indicate any language selection mechanism or documented locale restriction. This can exclude users who do not read Chinese and may cause the agent to ignore user language preferences, creating an accessibility and usability weakness rather than a direct exploit path.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The auto-trigger condition 'enter automatically after scan completes' is overly broad and can cause the skill to activate in contexts the user did not explicitly intend. In an agent setting, unexpected autonomous transitions can lead to unrequested profiling, advice generation, or onward workflow execution, which increases the risk of consent and scope violations.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The trigger phrase '我有哪些选择' ("what options do I have") is common and broad enough to match ordinary conversation outside the intended planning workflow. This can cause accidental skill invocation and steer the session into career-planning logic when the user may be asking a general question, creating context confusion and possible unauthorized processing of prior user data.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to persist structured CV data into memory, including employment history, skills, education, and inferred seniority/industry, but provides no user-facing notice or consent step before retention. Because CVs contain sensitive personal and professional data, silent storage increases privacy risk, unauthorized reuse risk, and potential over-collection beyond what is necessary for the immediate task.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The trigger conditions allow the skill to activate automatically for first-time users or when memory is empty, even without a clear, contemporaneous user request for this specific workflow. In a career-coaching context this can cause unsolicited collection of sensitive personal and financial information, which is a privacy and consent problem rather than a code-execution issue.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The prompt explicitly says to store all collected answers in memory, including skills, time availability, financial runway, network, motivation, and inferred status, without any user-facing notice or consent for retention. This creates a clear privacy risk because sensitive profiling data may persist beyond the immediate session and be reused in ways the user did not expect.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The CV workflow instructs the system to read uploaded documents, extract employment history, skills, education, and years of experience, then use that information to skip questions, but it gives no warning that document contents will be parsed and potentially retained in memory. CVs commonly contain highly sensitive personal data, so silent ingestion and persistence materially increases privacy and profiling risk.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The trigger phrases are broad enough to match common career-related or uncertain-language queries in normal conversation, which can cause the skill to activate without clear user intent. In a career-coaching skill, unintended activation can steer conversations, collect/store user context, and change behavior at moments when the user did not explicitly ask for this mode.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The prompt instructs persistent storage of user data in a local file and updates on each conversation, but provides no user-facing disclosure, consent flow, retention limit, or deletion mechanism. For a career companion, the stored content may include sensitive employment history, goals, finances, or personal struggles, making undisclosed retention a meaningful privacy and compliance risk.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The trigger conditions include very common user phrases like “查看进度” ("check progress") and “我完成了...” ("I finished..."), which can appear in ordinary conversation and unintentionally activate the tracking workflow. That can cause the skill to read or update memory, render stored progress data, or alter state without clear user intent, creating privacy and integrity risks around personal career-planning data.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill initializes and persists user progress data to local memory without any user-facing notice or consent at the point of collection. Because the stored fields include path choice, dates, milestones, and progress history, silent retention increases privacy risk and may surprise users who do not expect durable logging of sensitive career-planning activity.

Missing User Warnings

Severity: Low
Confidence: 90%
Finding
The weekly and monthly tracking flows instruct the agent to retain detailed weekly commitments and daily action logs, but the user-facing behavior does not warn that these detailed histories are kept over time. Even if storage is local, longitudinal activity logs can reveal habits, performance patterns, and sensitive personal planning details if accessed unexpectedly.

Vague Triggers

Severity: Medium
Confidence: 83%
Finding
The description 'Your AI career companion' is broad and does not clearly limit when the skill should be invoked. In agent systems, overly broad descriptions can cause accidental over-invocation, unnecessary access to memory or uploaded files, and unexpected handling of sensitive career documents in contexts the user did not intend.
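The Vague Triggers findings above all describe the same failure: short, everyday phrases routed as skill triggers fire on conversations that have nothing to do with career planning. The check below, as an added example that is not code from the SkillSpector report or from the Pacer skill, measures that over-activation for the phrases the findings quote and shows one mitigation, requiring a domain anchor alongside the trigger. The Skill shape, the two routers, the career anchors and the sample conversation turns are constructed here and are hypothetical.

```python
"""Trigger over-activation check for an agent skill manifest.

Added example for the 'Vague Triggers' findings; not code from the
SkillSpector report or the Pacer skill. The trigger phrases are the ones
quoted in the findings; the Skill shape, both routers, the domain anchors and
the sample conversation turns are constructed (hypothetical) so the check
runs offline.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Skill:
    name: str
    triggers: List[str]


# Trigger phrases quoted in the findings (English glosses in comments).
PACER = Skill("pacer", [
    "我该怎么办",    # what should I do
    "下一步",        # next step
    "迷茫",          # feeling lost / confused
    "规划",          # planning
    "我有哪些选择",  # what options do I have
    "查看进度",      # check progress
    "我完成了",      # I finished ...
])

# Constructed sample of everyday turns that have nothing to do with careers.
UNRELATED_TURNS = [
    "这个 Python 报错我该怎么办",           # this Python error, what should I do
    "下一步把数据库备份到 S3",              # next step, back the database up to S3
    "周末旅行规划：先去杭州还是苏州",        # weekend trip planning: Hangzhou or Suzhou first
    "我完成了单元测试，帮我写 commit 信息",   # I finished the unit tests, write me a commit message
    "查看进度：CI 流水线跑到哪一步了",        # check progress: where is the CI pipeline
    "今晚吃什么",                            # what's for dinner tonight
]

# Hypothetical domain anchors a scoped router could require alongside a trigger.
CAREER_ANCHORS = ["职业", "求职", "简历", "转行", "跳槽", "offer"]


def keyword_router(turn: str, skills: List[Skill]) -> Optional[str]:
    """Naive substring router: the first skill whose trigger appears in the turn wins.
    This is the 'auto-route on trigger examples' behaviour the findings warn about."""
    for skill in skills:
        if any(t in turn for t in skill.triggers):
            return skill.name
    return None


def trigger_hits(skill: Skill, turns: List[str]) -> Dict[str, int]:
    """How many of the given turns each trigger phrase matches."""
    return {t: sum(1 for turn in turns if t in turn) for t in skill.triggers}


def false_activation_rate(skill: Skill, unrelated: List[str]) -> float:
    """Fraction of unrelated turns the naive router sends to the skill."""
    fired = sum(1 for turn in unrelated if keyword_router(turn, [skill]) == skill.name)
    return fired / len(unrelated)


def flag_vague_triggers(skill: Skill, unrelated: List[str], min_len: int = 4) -> List[str]:
    """Triggers that fire on unrelated text, or are short generic fragments likely to."""
    hits = trigger_hits(skill, unrelated)
    return sorted(t for t in skill.triggers if hits[t] > 0 or len(t) < min_len)


def scoped_router(turn: str, skill: Skill, anchors: List[str]) -> Optional[str]:
    """Mitigation: activate only when a trigger phrase AND a domain anchor co-occur."""
    has_trigger = any(t in turn for t in skill.triggers)
    has_anchor = any(a.lower() in turn.lower() for a in anchors)
    return skill.name if has_trigger and has_anchor else None


if __name__ == "__main__":
    print("false activation rate:", round(false_activation_rate(PACER, UNRELATED_TURNS), 2))
    print("vague triggers:", flag_vague_triggers(PACER, UNRELATED_TURNS))
    for turn in UNRELATED_TURNS:
        print(keyword_router(turn, [PACER]), scoped_router(turn, PACER, CAREER_ANCHORS), turn)
```

On the constructed turns the naive router sends five of six unrelated messages to the skill, and every quoted trigger except '我有哪些选择' is flagged; the scoped router sends none of them, while still activating on a turn that pairs a trigger with a career anchor. The anchor list is a stand-in for whatever scoping the hosting agent supports; the point is that trigger examples alone are not a safe routing key.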

Natural-Language Policy Violations

Severity: Medium
Confidence: 91%
Finding
The weekly heartbeat prompt is hardcoded in Chinese without any indication of language preference, consent, or fallback behavior. This can create confusing unsolicited interactions, reduce user comprehension, and in some deployments may pressure users into sharing personal progress updates in a language they did not choose, increasing privacy and consent risks.

Ssd 3

Severity: Medium
Confidence: 95%
Finding
The instruction to 'remember everything' and reuse it across conversations creates an overbroad retention policy in natural language, encouraging collection and resurfacing of all user-provided information regardless of sensitivity or necessity. In this skill's context, that increases the chance of retaining intimate career, health, financial, or personal details and later exposing them in unrelated interactions.

Ssd 3

Severity: Medium
Confidence: 97%
Finding
The prompt broadly directs the agent to read local memory at every conversation start, update it whenever new information appears, and naturally reference stored content. This creates unrestricted reuse of personal data without scoping, consent, or sensitivity checks, increasing the risk of privacy leakage, over-collection, and inappropriate resurfacing of prior information.
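The Missing User Warnings findings and the two retention findings above list the controls the skill's memory instructions lack: a consent step before persistence, a limit on what is stored, a retention window, a deletion path, and reads scoped to what the current task needs rather than "read everything". The class below, as an added example that is not the Pacer skill's code or part of the SkillSpector report, shows what a memory store with those controls looks like. The file name, field names, retention period and the injectable clock are hypothetical; the sensitive fields kept out of the durable file are the ones the findings single out.

```python
"""Consent- and retention-gated skill memory.

Added example for the 'Missing User Warnings' and memory-reuse findings; not
code from the Pacer skill or the SkillSpector report. Shows the controls the
findings say are absent: a consent gate before any write, an allow-list of
storable fields, sensitive fields kept in the session only, a retention
window pruned on every read, and a user-callable erase. File name, field
names, retention period and the injectable clock are hypothetical.
"""
import json
import tempfile
import time
from pathlib import Path
from typing import Callable, Dict, List

# Hypothetical policy: what may be written to the durable memory file ...
ALLOWED_FIELDS = {"path_choice", "milestones", "weekly_progress", "skills"}
# ... and what the findings single out as sensitive, so it never reaches disk.
SESSION_ONLY_FIELDS = {"financial_runway", "health", "motivation"}
RETENTION_DAYS = 90


class SkillMemory:
    def __init__(self, path: Path, now: Callable[[], float] = time.time):
        self.path = Path(path)
        self.now = now                     # injectable clock so retention is testable
        self.consented = False
        self.session: Dict[str, str] = {}  # discarded when the process ends
        self.records: List[dict] = (
            json.loads(self.path.read_text("utf-8")) if self.path.exists() else []
        )

    def grant_consent(self, notice_shown: bool) -> bool:
        """Consent only counts if the user was shown what is stored and for how long."""
        self.consented = bool(notice_shown)
        return self.consented

    def remember(self, field: str, value: str) -> str:
        """Gate every write. Returns 'session_only', 'rejected_field',
        'rejected_no_consent' or 'persisted'."""
        if field in SESSION_ONLY_FIELDS:
            self.session[field] = value
            return "session_only"
        if field not in ALLOWED_FIELDS:
            return "rejected_field"
        if not self.consented:
            return "rejected_no_consent"
        self.records.append({"field": field, "value": value, "ts": self.now()})
        self._save()
        return "persisted"

    def recall(self, field: str) -> List[str]:
        """Scoped read: prune expired records, then return one field, not 'everything'."""
        self.prune()
        return [r["value"] for r in self.records if r["field"] == field]

    def prune(self) -> int:
        """Drop records older than the retention window; returns how many were removed."""
        cutoff = self.now() - RETENTION_DAYS * 86400
        kept = [r for r in self.records if r["ts"] >= cutoff]
        removed = len(self.records) - len(kept)
        if removed:
            self.records = kept
            self._save()
        return removed

    def erase(self) -> None:
        """User-invoked deletion of the durable file and the session cache."""
        self.records, self.session = [], {}
        if self.path.exists():
            self.path.unlink()

    def _save(self) -> None:
        self.path.write_text(json.dumps(self.records, ensure_ascii=False), "utf-8")


def demo() -> Dict[str, object]:
    """Exercise each control with a fake clock; returns the observable outcomes."""
    clock = [1_700_000_000.0]
    out: Dict[str, object] = {}
    with tempfile.TemporaryDirectory() as tmp:
        mem = SkillMemory(Path(tmp) / "pacer_memory.json", now=lambda: clock[0])
        out["before_consent"] = mem.remember("milestones", "finish portfolio")
        out["runway"] = mem.remember("financial_runway", "6 months")
        mem.grant_consent(notice_shown=True)
        out["after_consent"] = mem.remember("milestones", "finish portfolio")
        out["unlisted"] = mem.remember("current_salary", "120k")
        out["runway_off_disk"] = "6 months" not in mem.path.read_text("utf-8")
        clock[0] += (RETENTION_DAYS + 1) * 86400   # jump past the retention window
        out["pruned"] = mem.prune()
        out["recall_after_prune"] = mem.recall("milestones")
        mem.remember("skills", "python")
        mem.erase()
        out["file_gone"] = not mem.path.exists()
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The contrast with the audited instructions is the point: a write is refused until the user has seen a notice, sensitive fields such as financial runway never reach the file, anything older than the window is dropped the next time memory is read, and the user can wipe the store on demand. None of this is hard to implement; the findings are that the skill's natural-language prompt asks for the opposite.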

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.