Daily-Observatory Lite

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: create OpenClaw status, mood, and task reports, with optional scheduled Telegram delivery after the user configures it.

Install only if you are comfortable with OpenClaw workspace status, task summaries, and mood-derived report data being saved locally and, after you set a real Telegram chat ID, sent through Telegram. Leave the placeholder chat ID or disable Telegram for local-only use, and avoid adding the cron entries unless you want recurring unattended delivery.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Rogue AgentSelf-Modification, Session Persistence
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (9)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 76% confidence
Finding: The documentation indicates capabilities equivalent to shell execution, file reads/writes, and scheduled unattended operation, but no permissions are declared. That creates a trust gap where users may install a skill without understanding it can inspect local state, modify files, and trigger external delivery flows. In a health/mood monitoring skill, these capabilities are broader than minimally necessary unless explicitly declared and constrained.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 89% confidence
Finding: The skill is presented as a daily observatory for health and mood tracking, but the documented behavior extends to outbound Telegram transmission, local report writing, workspace-wide document reads, and agent/skill enumeration. That mismatch is dangerous because users may consent to benign monitoring while unknowingly enabling broader collection and exfiltration of operational or personal data.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The README promotes automatic Telegram delivery of health, task-status, and mood-tracking outputs to an external service without warning that these messages may contain sensitive operational or personal data. In this skill context, the pushed content appears likely to include system state, stalled task details, and emotion-derived summaries, so the omission increases the risk of unintended data exposure through misconfiguration or over-sharing.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill advertises automatic Telegram pushes and analysis of health and mood signals without a clear privacy notice or warning that potentially sensitive status data will be transmitted externally. Users could expose personal sentiment, task status, or system metadata to third-party messaging channels without informed consent.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The setup instructions encourage cron-based unattended execution with --deliver, but do not warn that the skill will run automatically and send messages externally on a schedule. Unattended operation increases the risk of repeated leakage, unintended persistence, and users forgetting the skill is still active after installation.

Missing User Warnings

Medium

Confidence: 77% confidence
Finding: The report written to disk includes emotion-tracking and system-state data, which can be sensitive behavioral and operational information. Storing this data locally without explicit user disclosure, retention controls, or opt-in increases the risk of unintended exposure to other local users, backups, or later compromise of the host.

Missing User Warnings

High

Confidence: 92% confidence
Finding: The skill transmits the full daily report, including emotion-tracking and system-health information, to Telegram when enabled. Sending personal and operational data to a third-party messaging service without explicit warning, consent, or data minimization creates a meaningful privacy and confidentiality risk, especially because chat destinations can be misconfigured or externally controlled.

Missing User Warnings

Medium

Confidence: 81% confidence
Finding: The function forwards message content and destination identifiers to an external messaging channel without any visible consent, disclosure, or policy checks. In a health-check and mood-tracking context, this is more sensitive because alerts may contain personal or health-related information, creating privacy and data-handling risk.

Session Persistence

Medium

Category: Rogue Agent
Content: ```bash # 修正 crontab（如果沒有自動設定） crontab -e # 加入： # 0 8 * * * openclaw agent --agent daily-observatory-lite --message "run" --deliver # 0 23 * * * openclaw agent --agent daily-observatory-lite --message "run" --deliver
Confidence: 84% confidence
Finding: crontab -e

VirusTotal

No VirusTotal findings

View on VirusTotal