Back to skill

Security audit

Pincushion Openclaw

Security checks across malware telemetry and agentic risk

Overview

The skill has a legitimate feedback-to-agent purpose, but it asks users to enable cloud synchronization and embed a hosted page-inspection widget without enough deployment and data-flow safeguards.

Install only after confirming Pincushion is approved to receive the page URLs, screenshots, DOM snippets, selectors, comments, and acceptance criteria your users may submit. Prefer local-only mode or non-production/staging use unless cloud sync is explicitly needed, and review the hosted widget with your security/privacy process before adding it to production pages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The configuration explicitly enables `--cloud-sync` even though the skill description centers on reading live page context, screenshots, DOM snippets, threads, and acceptance criteria for local agent work. That creates a real data exposure risk because potentially sensitive page content and stakeholder feedback may be transmitted to a remote service without any justification or disclosure in the snippet.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The stated purpose is to convert pinned stakeholder feedback into agent work packets, which does not inherently require remote synchronization. Because the skill handles browser-derived artifacts such as screenshots, selectors, DOM snippets, and discussion threads, unjustified cloud sync broadens the trust boundary and can leak proprietary or sensitive application data to third-party infrastructure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill directs users to embed a remotely hosted third-party script into their application without any discussion of trust boundaries, data collection, CSP/SRI implications, or the security consequences of granting that script full DOM access. Because the widget is specifically designed to inspect pages and capture selectors, DOM snippets, viewport state, and user feedback, a compromised or overly permissive remote script could exfiltrate sensitive page content or introduce supply-chain risk into production or staging environments.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.