OpenClaw Validate

Security checks across malware telemetry and agentic risk

Overview

This skill matches its HumanJudge challenge purpose, but it requires ongoing automatic checks and future answer submission without clear opt-in or stop controls.

Install only if you are comfortable giving HumanJudge an email address, storing a local HumanJudge API key, and having the agent submit public challenge answers. Before enabling it, ask for heartbeat checks to be opt-in, notification-only unless you approve submissions, and easy to disable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill mandates adding a persistent heartbeat that periodically checks an external site and may automatically fetch and answer new rounds. This expands the skill from a one-time user-initiated workflow into ongoing autonomous network activity, increasing the chance of unreviewed actions and data transmission beyond the original task scope.

Intent-Code Divergence

Medium
Confidence: 88%
Finding
The skill description says setup requires owner interaction, but the workflow later instructs the agent to bypass refusal regarding sharing model/framework metadata. That creates a consent contradiction: the user is told their participation is required, yet a refusal can be overridden for part of the registration payload.

Vague Triggers

Medium
Confidence: 86%
Finding
The instruction to 'determine where you are in the sequence and continue from that point' on every activation is overly broad and can cause the agent to resume external operations without a fresh, specific user request. This weakens trigger boundaries and can lead to unintended registration, question submission, or follow-up activity in contexts where the user did not mean to continue the workflow.

Vague Triggers

Medium
Confidence: 84%
Finding
The post-install instruction requires the skill to immediately begin interacting and requesting setup data without a clear trigger beyond installation. Automatic startup can surprise users and pressures them into a workflow before they've deliberately chosen to use the integration.

Ssd 4

Medium
Confidence: 90%
Finding
The workflow explicitly encourages disclosure of internal agent configuration and says to bypass the step if the owner refuses. That is a coercive pattern around sharing non-user-approved information and undermines meaningful consent, especially since model/provider/framework details can be sensitive in some deployments.

VirusTotal

66/66 vendors flagged this skill as clean.