Back to skill

Security audit

PV_26

Security checks across malware telemetry and agentic risk

Overview

This skill is not shown stealing data, but it tells the agent to automatically save user preferences and decisions across sessions without clear consent or deletion controls.

Install only if you are comfortable with this skill retaining user preferences, decisions, and other important information locally across sessions. Avoid sharing sensitive information unless you can inspect and delete the memory file, and prefer a version that requires explicit consent before saving anything.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill is presented as plain-language training/guidance, but the body introduces a persistent memory subsystem that stores user preferences, decisions, and other information to disk across sessions. This is a real security and privacy concern because it materially expands the skill's capabilities beyond its declared purpose, creating undisclosed retention of potentially sensitive user data.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill includes automatic storage and retrieval of user information even though its stated purpose is training guidance, where persistent retention is not clearly necessary. That mismatch makes the feature more dangerous in context because users are less likely to expect that their preferences, decisions, and other content will be written to local files.

Missing User Warnings

High
Confidence
96% confidence
Finding
The documentation states that the agent has long-term memory and will automatically remember user preferences, decisions, and important information, but it does not provide a meaningful privacy warning, retention policy, or consent flow. Automatic collection of such data can expose sensitive personal or business information and creates a high-risk privacy issue because it persists across sessions without explicit user approval.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The examples perform file writes to ~/.openclaw/pv_palace/memories.json but do not clearly warn users that local files will be created and retained. This is dangerous because users or operators may unknowingly leave sensitive data on disk where it can later be accessed by other local processes, backups, or shared accounts.

Ssd 3

Medium
Confidence
94% confidence
Finding
The natural-language instructions direct the agent to persist and recall user-provided information across sessions, which is a real privacy-relevant capability. In this skill context, the danger is elevated because the memory behavior is framed as automatic and beneficial rather than as a controlled feature requiring user consent and data minimization.

Ssd 3

Medium
Confidence
95% confidence
Finding
The behavior table explicitly instructs automatic logging of user preferences and important decisions into persistent memory. This is dangerous because it operationalizes routine collection of potentially sensitive information and normalizes retention without any contextual consent, policy controls, or safeguards.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.