Back to skill

Security audit

Aloudata CAN SKILLS - scheduled-report

Security checks across malware telemetry and agentic risk

Overview

This skill transparently turns a user-confirmed analysis workflow into a recurring OpenClaw report, but the saved task prompt may contain sensitive business context.

Install if you want recurring OpenClaw analysis reports. Before confirming a scheduled task, review the generated configuration and prompt for confidential metrics, filters, internal names, thresholds, or business judgments, and delete or disable tasks when they are no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Ssd 3

Medium
Confidence
90% confidence
Finding
The skill instructs the agent to preserve and replay conversation-derived analysis details, including user conclusions, thresholds, and output preferences, into future scheduled prompts. Embedding broad slices of prior conversation into a reusable scheduled task can disclose sensitive business context or personal data to future runs, logs, operators, or downstream systems beyond what is necessary for task execution.

Ssd 3

High
Confidence
96% confidence
Finding
Requiring the future task prompt to be 'fully self-contained' and to embed all prior conversation information creates a substantial leakage channel. Scheduled prompts often persist in cron definitions, command histories, logs, task metadata, or admin tooling, so copying entire prior context can expose secrets, sensitive business logic, internal identifiers, or user-provided data far more broadly and durably than the original conversation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.