
Security audit

PV_37

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it asks the agent to automatically save and reuse local memories about user preferences and decisions without enough consent or cleanup controls.

Review before installing. Use this only if you are comfortable with the agent saving and later reusing local notes about your preferences, decisions, and important information. Avoid sharing sensitive crisis, PR, personal, political, or business details unless you can inspect and delete ~/.openclaw/pv_palace/memories.json yourself.
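A practitioner-side check for the inspect-and-delete advice above, added here as an example and not taken from the audit page or the PV_37 skill. It loads the memory store as JSON (the file name implies JSON, but the page does not document its schema, so the walker is generic), flags string fields that look like contact details or credentials using illustrative regexes, and then moves the file out of the skill's reach so a new session cannot reload it. The sample store written to a temp directory is constructed for the demo.

```python
"""Audit and quarantine a skill's local memory store (added example).

The path below is the one named on the audit page; everything about the
file's internal layout is an assumption, so the walker accepts any JSON.
"""
import json
import os
import re
import tempfile
import time
from typing import Any, Iterator, Optional

# Default location named on the audit page.
DEFAULT_MEMORY_PATH = os.path.expanduser("~/.openclaw/pv_palace/memories.json")

# Illustrative patterns for content a user would not want persisted silently.
SENSITIVE_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "phone": re.compile(r"\+?\d[\d\s().-]{8,}\d"),
    "secret_keyword": re.compile(r"\b(password|passwd|api[_ -]?key|token|secret)\b", re.I),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}


def walk_strings(node: Any, path: str = "$") -> Iterator[tuple]:
    """Yield (json_path, text) for every string leaf and every dict key."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield (f"{path}.{key}", str(key))  # keys leak too ("password": ...)
            yield from walk_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from walk_strings(item, f"{path}[{i}]")
    elif isinstance(node, str):
        yield (path, node)


def find_sensitive(data: Any) -> list:
    """Return every key or string leaf matching one of SENSITIVE_PATTERNS."""
    hits = []
    for json_path, text in walk_strings(data):
        for kind, pattern in SENSITIVE_PATTERNS.items():
            if pattern.search(text):
                hits.append({"path": json_path, "kind": kind, "excerpt": text[:80]})
    return hits


def audit_memory_file(path: str = DEFAULT_MEMORY_PATH) -> dict:
    """Summarise what the skill has persisted: size, field count, sensitive hits."""
    if not os.path.exists(path):
        return {"exists": False, "path": path}
    with open(path, "r", encoding="utf-8") as fh:
        data = json.load(fh)
    return {
        "exists": True,
        "path": path,
        "bytes": os.path.getsize(path),
        "string_fields": sum(1 for _ in walk_strings(data)),
        "sensitive": find_sensitive(data),
    }


def quarantine_memory_file(path: str = DEFAULT_MEMORY_PATH) -> Optional[str]:
    """Move the store aside so the skill cannot reload it, keeping a copy to review.

    Renaming avoids assuming what shape the skill expects on reload (an empty
    object might break it); delete the .bak file once you have reviewed it.
    """
    if not os.path.exists(path):
        return None
    backup = f"{path}.bak-{int(time.time())}"
    os.replace(path, backup)
    return backup


# Constructed sample store so the example runs offline without the skill.
SAMPLE_STORE = {
    "preferences": {"tone": "formal", "contact": "cto@example.com"},
    "decisions": [
        {"session": 12, "note": "Board decided not to disclose the breach yet"},
        {"session": 13, "note": "Use password Winter2024! for the press portal"},
    ],
}


def demo() -> dict:
    """Write the sample store to a temp dir, audit it, then quarantine it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "memories.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(SAMPLE_STORE, fh)
        report = audit_memory_file(path)
        moved_to = quarantine_memory_file(path)
        report["quarantined"] = moved_to is not None and os.path.exists(moved_to)
        report["still_present"] = os.path.exists(path)
    return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it against the real path with `audit_memory_file()` first and read the report; only call `quarantine_memory_file()` once you are satisfied you want the skill to start the next session with no memory.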

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The skill is advertised as a public-opinion/crisis-PR tool, but most of the implemented functionality is a persistent local memory system that stores and retrieves user data across sessions. This mismatch is dangerous because it can mislead users and reviewers about the actual data-processing behavior, reducing informed consent and increasing the chance of covert retention of sensitive information unrelated to the declared purpose.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
The skill explicitly enables persistent collection of user preferences, decisions, and other information without showing a clear need tied to crisis-PR functionality. Storing such data across sessions creates privacy and profiling risk, especially if users share sensitive personal, political, or organizational information during crisis-related interactions.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The skill claims it will automatically remember user preferences, decisions, and important information persistently, but it does not provide a meaningful privacy notice, retention policy, or disclosure of the sensitivity of stored data. Automatic, undeclared persistence can capture personal or confidential information and expose users to surveillance, data leakage, or unauthorized reuse.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The documented usage scenarios instruct the agent to automatically store preferences and decisions and to reload memory in new sessions, all without explicit consent or disclosure at the moment of collection. Because these actions happen by default and across sessions, they materially increase privacy risk and make it easy to retain sensitive information unexpectedly.

Ssd 3

Severity: Medium
Confidence: 94%
Finding
The natural-language instructions direct the agent to automatically retain user-provided information and reuse it in future interactions, creating cross-session state without explicit consent boundaries. In a crisis-PR context, users may share sensitive reputational, political, legal, or business information, making automatic retention particularly risky.

Ssd 3

Severity: Medium
Confidence: 95%
Finding
The usage guidance operationalizes automatic storage and retrieval of prior user information in new sessions, turning persistent memory into standard behavior rather than an exception. This increases the likelihood of over-collection and silent reuse of sensitive data, especially given the mismatch between the skill's declared purpose and its actual memory-centric behavior.

VirusTotal

65/65 vendors report this skill as clean.


Static analysis

No suspicious patterns detected.