Security audit

Linsoai Track

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed scheduling and notification skill with no executable payload, but users should review persistent jobs and external notification destinations before using it.

Install only if you want OpenClaw to create tasks that run automatically later. Before enabling or importing tasks, review the schedule, task text, notification channel, webhook URL, and any external systems the task may contact. Avoid placing secrets in task descriptions or notification bodies, protect bot tokens and SMTP credentials, and regularly list, pause, or delete tasks you no longer need.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (6)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The README tells users to directly describe any task in natural language and says the skill will automatically parse and create scheduled jobs, but it does not define what kinds of requests are in scope, what actions are disallowed, or when explicit confirmation is required. In a scheduling skill, broad trigger guidance is risky because vague user prompts can be turned into persistent automated actions that repeatedly access external systems or send notifications without clear user understanding.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The documentation promotes automatic task creation and bulk migration/import but does not warn that these operations create persistent background jobs and may send data or alerts to external channels such as Telegram, Feishu, Discord, Slack, or email. That omission can cause users to unintentionally authorize ongoing automation, repeated network activity, and outbound notification flows that expose operational or personal information.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill description uses very broad scheduling and automation keywords, which can cause the platform to invoke this skill for loosely related user requests. Because the skill can create and manage persistent scheduled actions, unintended invocation could lead to accidental task creation, modification, or notification setup without the user clearly intending to use this capability.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill exposes destructive and side-effecting operations such as delete, edit, resume/pause, and manual execution, but provides no requirement for confirmation, task identity verification, or dry-run preview. In a scheduling context, this is dangerous because a misinterpreted request or ambiguous task name could cause irreversible task deletion or trigger unintended automated actions immediately.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The webhook examples explicitly instruct sending task summaries and alerts to external servers, but the documentation does not warn that task results may contain sensitive data or that users should verify the destination and data minimization. In a scheduling/monitoring skill, automated notifications can forward operational details, secrets, or personal data off-platform, creating a real data disclosure risk.

External Transmission

Medium

Category: Data Exfiltration
Content: ### 在任务中使用 ``` "...如果{条件}，用 curl 发送 POST 请求： curl -X POST https://your-server.com/webhook \ -H 'Content-Type: application/json' \ -d '{\"event\": \"task_alert\", \"message\": \"{摘要}\"}'"
Confidence: 91% confidence
Finding: curl 发送 POST 请求： curl -X POST https://your-server.com/webhook \ -H 'Content-Type: application/json' \ -d '{\"event\": \"task_alert\", \"message\": \"{摘要}\"}'" ``` ### 带认证的 Webhook ``` "...用 curl

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal