MiniMax Opus 调教法

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it asks users to overwrite a persistent OpenClaw behavior file with broad permanent agent instructions.

Install only if you intentionally want persistent global changes to OpenClaw behavior. Back up any existing SOUL.md first, review and narrow the rules before saving, and keep a clear way to remove or restore the file later.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill instructs the user to create or overwrite a hidden local configuration file in `~/.openclaw/workspace/SOUL.md` using shell redirection, but does not warn that this changes persistent agent behavior for future sessions. Modifying a local prompt/config file in this way can silently replace existing settings, create hard-to-audit behavior changes, and make later model actions less predictable or policy-aligned.

Ssd 1

Medium

Confidence: 97% confidence
Finding: The skill embeds persona-rewrite instructions into a hidden local prompt file and frames them as permanent, mandatory behavioral rules such as '永久强制' and '从现在起'. Persistent hidden prompt injection is dangerous because it alters the model's default behavior across tasks, can mask provenance of outputs, and may encourage concealment-related behaviors like suppressing reasoning visibility or steering tool choice without transparent user consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal