Security audit

coin-news-openclaw

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent crypto-news collector that fetches public feeds and caches token names locally, with no evidence of credential access, exfiltration, or destructive behavior.

Use this for on-demand crypto-news digests if you are comfortable with public network requests to the listed news sites and CoinGecko. For deterministic or read-only runs, review sources.yaml and run the helper with --no-dynamic-tokens so it does not refresh the local token cache.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill explicitly instructs the agent to read local files, run a Python script, use network access to fetch news, and write cached dynamic token data back into configuration, yet no permissions are declared. This creates a capability/permission mismatch that can lead to over-privileged or unreviewed execution paths, making it harder for operators to understand and constrain file and network access.

Description-Behavior Mismatch

Medium

Confidence: 88% confidence
Finding: The script persists runtime-fetched CoinGecko token data back into scoring.yaml, which changes local configuration state during normal execution. That creates an unexpected side effect for a news-fetching skill and allows untrusted remote data to influence future runs, potentially poisoning scoring behavior or causing configuration drift.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal