Skill Router Pro

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed skill-discovery helper that reads local skill indexes, searches ClawHub, and updates a local index in ways that fit its purpose.

Before installing, expect this skill to read your local skill index, scan SKILL.md files in common skill folders, run clawhub search for missing matches, and update ~/.openclaw/skills/INDEX.md after installs. Review the generated index if you care about exposing local skill names, descriptions, or paths to future agent sessions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Rogue AgentSelf-Modification, Session Persistence
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger list is very broad, including phrases like "what skill" and "skill for," which can cause the router to activate in conversations where the user is not actually asking to enumerate or search skills. Unintended invocation is risky because this skill instructs the agent to read local indexes and potentially run external search commands, expanding access and actions beyond what the user may have intended.

Session Persistence

Medium

Category: Rogue Agent
Content: find ~/.openclaw/skills ~/mind_claw ~/.codex/skills ~/.cursor/skills-cursor -name "SKILL.md" 2>/dev/null ``` Extract name and description from each SKILL.md frontmatter, then write to `~/.openclaw/skills/INDEX.md` with this format: ```
Confidence: 90% confidence
Finding: write to `~/.openclaw

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal