Back to skill

Security audit

Qa Security

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed paid QA/security-audit workflow that creates and verifies a payment order before the agent delivers the requested QA or security advice.

Before installing, expect a Chinese-language paid workflow that contacts https://api.ideaidea.com.cn, stores local order metadata under OpenClaw's orders directory, and sends a payment credential from that order file for verification only after confirmation. Do not use it unless you are comfortable with that payment provider and workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
描述将技能定位为执行 QA/测试/安全审计工作的服务技能,但代码并没有实现任何测试计划、代码审查、漏洞分析、风险评估或质量闸口相关逻辑。其核心行为是支付流程支撑:调用固定域名的支付 API、保存订单 JSON 文件、再读取本地订单中的 payCredential 去校验支付结果。虽然描述中提到“付费”场景,且 metadata 里有 payment.process,但声明的技能用途仍然是测试与安全审计本身,而不是一个纯支付下单/验单工具。因此代码的主要目的与描述存在实质性偏差,应判定为不匹配。

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The manifest describes the skill as a paid testing and security audit service, with payment presented as a prerequisite workflow step rather than the core user-facing purpose. Declaring `payment.process` as a capability overstates what the skill is fundamentally for, because the actual service scope is QA and security assessment, not payment operations.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest describes a paid testing and security audit skill for activities like test planning, code review, vulnerability investigation, risk assessment, and release gating. This module instead implements persistent order storage under a user home directory, including loading and saving order JSON files, which is a business/payment workflow rather than an obvious implementation detail of QA or security auditing.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The code provides a concrete capability to manage local order records keyed by an order number and indicator, including reading existing orders and writing new ones. For a skill whose stated purpose is one-off testing and security audit delivery, this order-management/storage capability is not directly justified by the described operational scope.

Natural-Language Policy Violations

Medium
Confidence
97% confidence
Finding
The markdown explicitly states '请使用中文和用户交互', which mandates a specific language for all user interaction. This is a natural-language locale policy issue because it does not offer the user a choice or describe a justified region-specific constraint.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The save_order function creates directories and writes JSON order data to a fixed path under the user's home directory, which affects local user data. In this file, there is no confirmation prompt, logging/print statement, or explicit user-facing warning about this filesystem write behavior.

Natural-Language Policy Violations

Low
Confidence
81% confidence
Finding
Comments, docstrings, and error messages such as the Chinese-language descriptions and runtime text indicate a single fixed language experience. Under the policy, forcing a specific language without offering user choice or documenting a justified locale constraint can be a natural-language policy violation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.