Back to skill

Security audit

Hire

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate agent-setup helper, but it can make persistent configuration, permission, shared-memory, and scheduled-task changes that deserve review before use.

Install only if you are comfortable reviewing and approving the generated agent files, shared USER.md/MEMORY.md links, OpenClaw config patch, main-agent allowlist change, restart behavior, and any cron schedule. Prefer running it only for explicit '/hire' or create-agent requests, and inspect the exact config and cron changes before allowing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The skill directs automatic modification of the global OpenClaw configuration and expansion of the main agent's allowed subagents, which changes system-wide behavior beyond merely creating a new agent. In a hiring wizard context, silently editing gateway config and permissions can grant persistent capabilities or broaden delegation paths without a clearly scoped approval step.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill instructs creation of cron jobs for recurring reviews, introducing persistent scheduled execution rather than a one-time hiring workflow. That adds ongoing automation and future agent activity that may surprise users or be abused if the scheduled review process gains access to sensitive context or operational permissions.

Vague Triggers

High
Confidence
91% confidence
Finding
The manifest description includes broad triggers such as 'I need help with X,' which can match many ordinary conversations unrelated to creating a new agent. Overbroad activation increases the chance the skill runs in the wrong context and begins file creation, configuration edits, or permission changes the user did not intend.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The 'When to Use' section repeats ambiguous examples like 'I need help with X' and 'Let's add someone to the team' without exclusion criteria or a confirmation gate. In context, this is risky because the skill can progress from casual discussion into creating files and mutating config, making accidental invocation more harmful.

Missing User Warnings

High
Confidence
93% confidence
Finding
The skill instructs automatic generation of agent directories and default linking of shared USER.md and MEMORY.md without an upfront warning that workspace state and context exposure will change. Users may unknowingly create persistent artifacts and grant the new agent access to shared identity and memory files containing sensitive information.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill mandates automatic OpenClaw configuration changes and restart behavior without a clear user-facing warning that system behavior, routing, and agent permissions will be modified. Hidden or implicit system mutation is especially dangerous here because the skill is framed as a conversational hiring assistant rather than an administrative config editor.

Ssd 3

Medium
Confidence
90% confidence
Finding
By default, the skill links new agents to shared USER.md and MEMORY.md, broadening access to user and team context for every newly created agent. In a hiring workflow, default context inheritance increases unnecessary data exposure and may leak sensitive operational or personal information to agents that do not need it.

Session Persistence

Medium
Category
Rogue Agent
Content
1. **"Want to set up periodic performance reviews?"**
   - If yes: ask preferred frequency (weekly, biweekly, monthly)
   - Create a cron job that triggers a review conversation
   - Review covers: what went well, what's not working, scope/permission adjustments
   - At the end of each review, ask: "Want to keep this schedule, change frequency, or stop reviews?"
Confidence
86% confidence
Finding
Create a cron job that

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.