Back to skill

Security audit

Aios Transfer File

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed S3-based file transfer helper with clear senderId isolation and no evidence of hidden exfiltration or destructive behavior.

Install only in the intended controlled AIOS/OpenClaw environment. Use least-privilege S3 credentials, restrict the configured inbox/outbox buckets, confirm senderId is available before transfers, and treat uploads as sending current-session files to external S3-compatible storage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill manifest uses a broad default prompt and enables implicit invocation for file transfer behavior without clearly constraining when transfers are allowed. In an agent environment, this can cause unintended downloads or uploads based on loosely matched prompts, increasing the risk of unauthorized data movement or exfiltration from the current senderId workspace.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The manifest describes downloading and uploading user-associated files but provides no user-facing warning or consent language about data movement. This is dangerous because users or higher-level orchestration layers may not realize local workspace files will be transmitted to external S3-compatible storage, creating privacy, compliance, and accidental exfiltration risks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.