Back to skill

Security audit

Daily Vocab

Security checks across malware telemetry and agentic risk

Overview

This is a coherent daily vocabulary skill with optional scheduled message delivery, but users should notice the push-notification feature before enabling it.

Before installing, be aware that this skill can optionally create recurring OpenClaw cron jobs that send daily vocabulary prompts to a messaging channel. Only run the push-toggle on command if you want those messages, and use the documented off command or cron list to manage them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The skill is presented as a vocabulary-card generator, but it also documents operational behavior for enabling and disabling scheduled pushes to external messaging platforms. That hidden expansion of scope matters because users invoking a harmless learning skill would not reasonably expect outbound delivery, persistent scheduling, or channel-targeted notification management, which can be abused for unsolicited messaging or covert data flow.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The file includes user-targeted push-notification management even though the manifest describes only generating a daily vocabulary card. This discrepancy creates an undeclared side-effect surface involving external communication and user identifiers, increasing the risk of surprise actions, spam, or misuse of messaging integrations.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
Subscription management and multi-channel message delivery are not necessary to fulfill the stated educational purpose, so they represent unnecessary privileged behavior. Unjustified outbound capabilities broaden the attack surface and can be repurposed to send unwanted messages, track users, or persist actions beyond the immediate session.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.