workspace-organizer

Security checks across malware telemetry and agentic risk

Overview

This skill locally organizes OpenClaw workspace task folders and saves recovery notes; its file writes and checks are disclosed and fit that purpose.

Install this only if you want OpenClaw to keep local task memory and recovery metadata in your workspace. Avoid putting secrets in task notes, review the heartbeat template before enabling periodic checks, and prefer manual recovery when old task context may contain sensitive or stale information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs the agent to use shell commands and local scripts with file read/write behavior, but it does not declare any permissions or capability boundaries. That creates a transparency and policy gap: a user or host system may invoke a skill that can modify workspace contents or execute commands without an explicit consent model, increasing the chance of unintended file operations or command execution.

Context-Inappropriate Capability

Medium
Confidence
83% confidence
Finding
The script delegates execution to external `python` or `py` binaries resolved from the environment without constraining the interpreter path or verifying the target runtime. In an agent context, this expands the trust boundary and can lead to execution of a malicious interpreter or unexpected code path if PATH resolution is hijacked.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are broad generic requests such as organizing files, saving progress, and restoring tasks, which could cause the skill to activate in many loosely related contexts. Because the skill then directs shell execution and filesystem changes, overbroad activation raises the risk of unintended invocation and unauthorized workspace modifications from ambiguous user prompts.

Missing User Warnings

Low
Confidence
92% confidence
Finding
The guide explicitly instructs periodic automatic scanning of unfinished tasks every 2–4 hours and says the system will automatically execute checks during heartbeat, but it does not clearly disclose consent, scope, or how this background activity may affect the user’s workspace and privacy. In a workspace-organizer skill, automatic task scanning is plausible functionality, but undocumented background execution still creates a legitimate transparency and user-expectation issue rather than a direct code-execution flaw.

VirusTotal

64/64 vendors flagged this skill as clean.
