Back to skill

Security audit

AgentSentinel Safety Layer

Security checks across malware telemetry and agentic risk

Overview

AgentSentinel is a coherent local guardrail skill with disclosed local logging and opt-in cloud sync, but its event logs may contain sensitive command details.

Install this if you want local policy and budget checks. Treat .agent-sentinel/openclaw_events.jsonl as potentially sensitive because it can contain command text, paths, and operational context. Only set AGENT_SENTINEL_API_KEY and run sync if you trust AgentSentinel with those logged events.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises executable capabilities that include environment access, file read/write, and optional network communication, but it does not declare permissions accordingly. This creates a transparency and trust boundary issue: operators or orchestration systems may grant or invoke the skill without realizing it can access local state and exfiltrate recorded telemetry during sync.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The sync command uploads locally recorded events, including command strings and details captured in payload.inputs, to a remote service once an API key is present. While sync is operator-initiated, there is no just-in-time warning or review of the data being transmitted, which can lead to unintentional disclosure of sensitive commands, prompts, or metadata.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.