
Security audit

PV_18

Security checks across malware telemetry and agentic risk

Overview

This skill is a PR/brand persona that also tells the agent to automatically save and reuse user preferences and decisions across sessions without clear user control.

Review before installing. Use this only if you are comfortable with a PR/brand assistant saving local memories about your preferences, decisions, and important information. Require explicit permission before saving sensitive strategy, inspect ~/.openclaw/pv_palace/memories.json periodically, and delete that file if you do not want retained context.
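The periodic inspection the overview recommends, as an added example (not code from the skill or from the audit tooling): a small Python script that walks the memory file at the path named above, flags string values that look like retained sensitive context, and can delete the file. The JSON schema of the real memory file is unknown, so the script treats the document as an arbitrary JSON tree, and the keyword heuristics and the sample document are constructed for illustration.

```python
"""Inspect an agent skill's local memory file for retained sensitive context.

Added example, not part of the audited skill. Assumptions: the memory file is
JSON of any shape (walked recursively), and the default path is the one the
audit names, ~/.openclaw/pv_palace/memories.json.
"""
import json
import os
import re
import sys
from typing import Any, Iterator

DEFAULT_PATH = os.path.expanduser("~/.openclaw/pv_palace/memories.json")

# Constructed heuristics for strings a PR/brand user would not want persisted.
SENSITIVE_PATTERNS = {
    "credential": re.compile(r"(?i)\b(api[_ -]?key|password|secret|token)\b"),
    "strategy": re.compile(r"(?i)\b(confidential|embargo|unreleased|launch date|acquisition)\b"),
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
}


def walk_strings(node: Any, path: str = "$") -> Iterator[tuple[str, str]]:
    """Yield (json_path, text) for every string leaf in a JSON document."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from walk_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk_strings(value, f"{path}[{i}]")


def flag_sensitive(doc: Any) -> list[dict]:
    """Return one finding per string leaf that matches a sensitive pattern."""
    findings = []
    for path, text in walk_strings(doc):
        for label, pattern in SENSITIVE_PATTERNS.items():
            if pattern.search(text):
                findings.append({"path": path, "reason": label, "snippet": text[:60]})
                break  # first matching category is enough for triage
    return findings


def inspect_file(path: str = DEFAULT_PATH) -> dict:
    """Load the memory file (if present) and report leaf count plus findings."""
    if not os.path.exists(path):
        return {"exists": False, "entries": 0, "findings": []}
    with open(path, encoding="utf-8") as fh:
        doc = json.load(fh)
    entries = sum(1 for _ in walk_strings(doc))
    return {"exists": True, "entries": entries, "findings": flag_sensitive(doc)}


def purge_file(path: str = DEFAULT_PATH) -> bool:
    """Delete the memory file; True if a file was removed, False if absent."""
    try:
        os.remove(path)
        return True
    except FileNotFoundError:
        return False


# Constructed sample in one plausible shape; the real schema is not documented.
SAMPLE = {
    "preferences": [{"tag": "tone", "content": "prefers concise, formal tone"}],
    "decisions": [
        {"tag": "launch", "content": "Confidential: launch date moved to Q3"},
        {"tag": "contact", "content": "press lead is jane@example.com"},
    ],
}

if __name__ == "__main__":
    # Usage: python inspect_memories.py [path] [--purge]
    args = [a for a in sys.argv[1:] if not a.startswith("--")]
    target = args[0] if args else DEFAULT_PATH
    report = inspect_file(target)
    print(json.dumps(report, indent=2))
    if report["findings"] and "--purge" in sys.argv:
        print("purged" if purge_file(target) else "nothing to purge")
```

Run it without arguments to review the default file; pass `--purge` to delete it once the report shows context you do not want retained. Because the walk is schema-agnostic, the script keeps working if the skill changes how it lays out entries.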

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill is presented as a public-influence/brand-strategy tool, but most of its documented behavior adds cross-session memory storage and retrieval of user data. This capability mismatch is risky because users and reviewers may not expect persistent profiling or retention in a branding skill, increasing the chance of undisclosed collection of preferences, decisions, and other sensitive context.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The documented `store_memory` behavior automatically writes user preferences, decisions, and tagged information to a local JSON file under the home directory without any consent gate or data-minimization controls. For a brand-strategy skill, this is not operationally necessary on its face and creates a persistent profile of the user that could expose sensitive business or personal information.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill advertises durable memory as an automatic feature but does not warn users at the point of use that their data will be retained locally across sessions. Silent retention undermines informed consent and can lead users to disclose sensitive preferences, plans, or decisions that they would not have shared if the storage behavior were clearly disclosed.

Missing User Warnings

Medium
Confidence: 99%
Finding
The usage scenarios instruct the agent to automatically call `store_memory` for user preferences and important decisions, yet they do not mention that this action writes data to disk. Automatic writes without contextual warning are dangerous because they normalize retention of potentially sensitive content and deprive the user of any opportunity to consent or redact information first.

Ssd 3

Medium
Confidence: 98%
Finding
The documentation explicitly states that the agent has persistent memory and will automatically remember user preferences, decisions, and important information. Cross-session retention of such data without consent, scoping, or sensitivity filtering is dangerous because it can accumulate a long-lived behavioral dossier that is unrelated to the stated skill purpose and may later be exposed or misused.

Ssd 3

Medium
Confidence: 99%
Finding
The usage table directs the agent to automatically store preferences and decisions as soon as they are observed, with no explicit consent step. In context, this is more dangerous because the skill is framed as a PR/brand strategy assistant, so users are likely to share sensitive strategic plans, stakeholder views, and business decisions that should not be silently persisted.

VirusTotal

67/67 vendors reported this skill as clean.


Static analysis

No suspicious patterns detected.