Back to skill

Security audit

Phosor AI

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Phosor AI video-generation client with expected risks around API-key billing, uploaded media/model files, URL imports, and local job tracking.

Install only if you trust Phosor and understand that prompts, uploaded images, LoRA files, and imported URLs are sent to Phosor for processing and may be billed to your API key. Avoid sensitive media, confidential prompts, proprietary model files, private/signed URLs, and untrusted PHOSOR_BASE_URL values. Confirm the target LoRA before running delete-lora, and remove ~/.openclaw/workspace/phosor-pending.json if you do not want locally retained job metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README instructs users to upload images and LoRA model files to a third-party remote service, but it does not disclose that local assets will be transmitted off-device or warn about privacy, confidentiality, licensing, or data-handling risks. In an agent-skill context, users may assume operations are local or may supply sensitive media or proprietary model files, increasing the chance of unintended data exfiltration to an external platform.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly supports importing images and LoRA models from arbitrary external URLs but does not warn users that remote resources may expose private URLs, trigger server-side fetches, or ingest untrusted model/data content. In this context, that is security-relevant because users may supply internal, signed, or sensitive links, and remote-fetch features can create privacy, provenance, and supply-chain risks.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The documented delete-lora command performs a destructive action with no warning, increasing the chance of accidental deletion of user assets or workflows. While this is not a code execution issue, the lack of cautionary documentation can lead to avoidable data loss or disruption, especially in an agent-driven environment where commands may be executed quickly.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The PendingManager persists request metadata, including a truncated copy of the user's prompt, to ~/.openclaw/workspace/phosor-pending.json without any consent prompt, retention control, or file-permission hardening. User prompts may contain sensitive data, proprietary creative content, or personal information, creating a local privacy leak to other local users, backups, or later processes that can read the workspace.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.