First-Principles-Deconstructor

Security checks across malware telemetry and agentic risk

Overview

This skill is a product and technology audit helper with limited disclosed handoff-file use and no executable code.

Before installing, understand that this skill may use prior agent output from ~/.openclaw/swarm_tmp/expert_output.json and save an audit report under ~/.openclaw/swarm_tmp/audit_report.json. Clear that handoff file if you do not want earlier task content to influence a new audit.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 84%
Finding
The usage section defines very broad trigger phrases like 'research' and 'compare' without any scoping, namespace, or invocation constraints. In agent systems, underspecified triggers can cause accidental activation on ordinary user requests, leading to unintended behavior, misrouting, or the application of this skill in contexts where its aggressive evaluative style is not appropriate.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to read from and write to local filesystem paths under ~/.openclaw/swarm_tmp without any user notice, consent, or scope limitation. Even though the paths appear application-specific, this creates an unauthorized local data access and persistence channel that can expose prior task artifacts, enable unintended cross-task data flow, and leave sensitive audit outputs on disk.

VirusTotal

66/66 vendors flagged this skill as clean.
