Back to skill

Security audit

Agent Council

Security checks across malware telemetry and agentic risk

Overview

The skill appears legitimate, but it can make live Discord and OpenClaw configuration changes and set up persistent agent activity with limited safeguards.

Install only if you intentionally want a tool with administrative access to OpenClaw and Discord. Use a test Discord server first, verify guild/channel/workspace paths carefully, keep affected workspaces under version control, review generated gateway patches before applying them, and skip the cron memory setup until you have a cleanup and retention plan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
98% confidence
Finding
The skill clearly instructs the agent to perform privileged actions including reading environment configuration, writing files, patching gateway config, invoking external networked Discord APIs, and restarting services, yet it does not declare permissions or provide explicit capability boundaries. This increases the chance of accidental invocation with broad side effects and makes review and runtime enforcement harder.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly advertises actions with real side effects—automatic gateway configuration changes, service restarts, and Discord channel operations—but does not warn users that running the skill can modify local system state and external services. In an agent-skill context, lack of side-effect disclosure increases the risk of operators invoking the tooling without understanding that it can alter production messaging routes or restart infrastructure.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The description uses broad activation language like 'Use when setting up multi-agent systems, creating new agents, or managing Discord channel organization,' which can match many ordinary requests and trigger a powerful skill in contexts where the user did not intend config or Discord changes. Because the skill performs file writes, network actions, and service changes, overbroad routing materially raises risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The feature list advertises creation and configuration behavior but does not clearly warn that these actions can call the Discord API and modify local gateway/workspace state. Users or higher-level orchestrators may therefore underestimate the side effects and invoke the skill without informed consent.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The agent creation workflow omits a clear warning that running the script writes agent files, updates gateway configuration, restarts the gateway, and may install scheduled cron jobs. These are persistent and potentially service-impacting operations, so failing to surface them explicitly increases the risk of unsafe execution.

Session Persistence

Medium
Category
Rogue Agent
Content
- Optional cron job setup

**Discord Channel Management:**
- Create Discord channels via API
- Configure OpenClaw gateway allowlists
- Set channel-specific system prompts
- Rename channels and update references
Confidence
81% confidence
Finding
Create Discord channels via API - Configure OpenClaw gateway allowlists - Set channel-specific system prompts - Rename channels and update references - Optional workspace file search ## Installation

Session Persistence

Medium
Category
Rogue Agent
Content
- `--emoji` (required) - Agent emoji
- `--specialty` (required) - What the agent does
- `--model` (required) - LLM to use (provider/model-name)
- `--workspace` (required) - Where to create agent files
- `--discord-channel` (optional) - Discord channel ID to bind

**Output:**
Confidence
82% confidence
Finding
create agent file

Session Persistence

Medium
Category
Rogue Agent
Content
echo -e "${YELLOW}📅 Memory System${NC}"
echo ""
echo "Would you like to set up a daily memory cron job for $NAME?"
echo "This will create a job that reviews and updates the agent's daily memory file."
echo ""
read -p "Create daily memory cron? (y/n): " -n 1 -r
echo ""
Confidence
91% confidence
Finding
create a job that

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.