Back to skill

Security audit

RocketReach

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed RocketReach/ClawLink integration with expected setup steps and no artifact-backed evidence of hidden or destructive behavior.

Install only if you are comfortable adding the ClawLink plugin, allowing it in OpenClaw, restarting the gateway, and connecting a RocketReach account through ClawLink. Confirm each lookup target, watch for API credit consumption, and avoid saving or sharing personal contact data unless you have consent and a legitimate purpose.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The skill claims operations are read-oriented and require explicit user confirmation, yet it directs the agent/user to run host-modifying commands that install a plugin, change configuration, and restart the gateway. This mismatch can cause an agent to perform privileged local changes without treating them as sensitive write actions, increasing the risk of unintended system modification and trust abuse.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The advertised purpose of the skill is contact intelligence in RocketReach, but the documented workflow expands scope into local environment administration by installing a plugin, changing tool allowlists, and restarting infrastructure. That scope creep is dangerous because users may invoke a seemingly data-retrieval skill without realizing it can alter the host agent environment and enable additional tooling.

Intent-Code Divergence

Low
Confidence
81% confidence
Finding
Labeling the execution workflow as 'READ OPERATIONS (Safe)' is misleading because the same file discusses write actions and earlier instructs configuration changes on the host. This can lower operator caution and make unsafe actions appear harmless, especially in agentic environments that rely on documentation cues to determine when confirmation is needed.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.