Org Learning Ops Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a governance helper that asks to read OpenClaw session and configuration data, which is sensitive but consistent with its stated purpose and disclosed behavior.

Install only if you are comfortable letting the skill review OpenClaw session logs and agent configurations. Use it in admin or governance contexts, avoid running it over unrelated private agents unless intended, and review any proposed installs, updates, activations, or configuration changes before approving them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly instructs access to full conversation history across agents and visible agent configuration, which can expose sensitive prompts, personal data, secrets, and internal operational metadata far beyond a minimally necessary scope. The danger is increased because the collection is framed as a fixed input and mandatory analysis step, with no user-facing notice, consent gate, minimization rule, or redaction requirement.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal