Listonic

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Listonic shopping-list integration, but it stores Listonic credentials in a local file that users should protect.

Install only if you are comfortable giving the skill access to your Listonic account. Prefer token mode over password mode, keep ~/.openclaw/credentials/listonic/config.json private with restrictive permissions, and rotate or revoke credentials if that file is exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 90%
Finding
The setup instructions tell users to store refresh tokens, access tokens, client secrets, or email/password locally and note that tokens are persisted back to config, but they do not warn about the sensitivity of this data. If the local filesystem is exposed, backed up insecurely, or shared with other tools, these credentials could be stolen and used to access the user's Listonic account.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill persists access and refresh tokens, and potentially email/password credentials, to a predictable local file under the user's home directory without setting restrictive file permissions or warning the user. If the file inherits permissive OS defaults or is exposed via backups, shared systems, or other local compromise, an attacker could reuse those credentials to access and modify the user's Listonic account.

VirusTotal

50/50 vendors flagged this skill as clean.
