HR Agent Creation

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent, but it makes persistent OpenClaw and Feishu routing changes and creates an agent with broad stated powers without enough confirmation or containment.

Install only if you intend this skill to change your OpenClaw agent configuration and bind an agent to a Feishu group. Prefer interactive mode, review the config diff yourself, keep ~/.openclaw/openclaw.json private, and test with a non-sensitive Feishu group before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The script generates an AGENT.md that grants broad capabilities including exec, read/write/edit, and Feishu document/chat operations, which exceed the narrowly described task of creating agents and binding a chat. This violates least privilege and can materially increase blast radius if the generated HR agent is compromised, misused, or prompted into unsafe actions.

Missing User Warnings

Medium
Confidence: 96%
Finding
The script edits ~/.openclaw/openclaw.json and adds agent/binding entries automatically in non-interactive mode, with no explicit confirmation before changing the user's live configuration. This can unexpectedly alter local automation behavior, bind an agent to a chat, or overwrite intended settings, especially if run from documentation or higher-level tooling.

VirusTotal

VirusTotal findings are pending for this skill version.
