Zan Gongde

Security checks across malware telemetry and agentic risk

Overview

This skill openly spends OpenClaw tokens, including silent and high-concurrency modes that can rapidly consume quota and may overshoot the user's target.

Review before installing. Use only if you intentionally want to spend OpenClaw tokens; start with small visible runs, avoid tollm and ddos unless you set strict limits, and do not use the manual GitHub clone path unless you separately trust and inspect those files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The README explicitly advertises a 'ddos' mode with 10-thread concurrent request flooding, rate claims, and automatic handling of 429s, which goes beyond benign token consumption and normalizes denial-of-service behavior. In this skill context, the capability is especially dangerous because it encourages users to weaponize shared LLM infrastructure or upstream services under the guise of 'burning tokens'.

Context-Inappropriate Capability

High
Confidence: 97%
Finding
The documentation recommends the skill to 'test API rate limiting' and to use high worker counts for extreme concurrent invocation, which is not necessary for the stated purpose of consuming a user's own unused tokens. Using subagents to scale independent LLM sessions materially increases the ability to stress or disrupt platform services and amplifies cost and abuse risk.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The skill explicitly implements a high-concurrency "ddos" mode using threads and subagents to rapidly generate API traffic and burn tokens. Even if framed as entertainment, this is an unjustified resource-consumption capability that can abuse platform quotas, trigger rate limits, and create denial-of-service effects against the LLM/API backend.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The toworld mode invokes a local OS command via subprocess to speak model output, which expands the skill's effects beyond token consumption into host-side execution. Although the command is fixed to `say`, it still creates unnecessary local side effects and increases the attack surface for a skill whose stated purpose is simply consuming tokens.

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The documentation promises users they can stop execution via a spoken command or stop flag, but the provided logic does not actually implement a reliable stop mechanism. For a loop designed to keep consuming tokens until a threshold is reached, missing cancellation controls can cause runaway usage, overspending, and inability to halt harmful behavior promptly.

Missing User Warnings

Medium
Confidence: 93%
Finding
The README promotes rapid high-concurrency token burning with slogans like '10秒烧掉10万token' ("burn 100,000 tokens in 10 seconds") while downplaying the financial and operational consequences of irreversible consumption. In this context, users are encouraged toward expensive actions without meaningful upfront consent, guardrails, or a prominent warning before invocation.

Missing User Warnings

High
Confidence: 97%
Finding
The skill advertises and operationalizes a high-concurrency token-burning mode without meaningful safeguards against abusive API behavior. In context, the functionality is not merely poorly documented; it is designed to maximize rapid consumption and concurrent requests, which makes misuse against service infrastructure substantially more dangerous.

Natural-Language Policy Violations

High
Confidence: 95%
Finding
The skill description includes explicit attack-oriented language promoting a "DDoS" mode, normalizing and encouraging harmful conduct. While this line alone is not executable code, it signals adversarial intent and raises the likelihood that the surrounding implementation is meant to facilitate abusive behavior.

Natural-Language Policy Violations

High
Confidence: 96%
Finding
The repeated headings, examples, and status messages framing the feature as a DDoS attack reinforce harmful intent and guide users toward abusive use of concurrent API calls. In context, this language is paired with implementation details for real concurrency, making it more than rhetoric and directly tied to dangerous behavior.

VirusTotal

64/64 vendors flagged this skill as clean.
