Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Cron Health Check Zc
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed local cron-health reporting skill that reads OpenClaw cron job history and does not show hidden network, write, or destructive behavior.
Before installing, confirm the publisher and naming mismatch are acceptable. Use the scheduled cron example only if you want recurring agent-based monitoring, and avoid sharing outputs if job names or error logs may contain secrets, tokens, or private operational details.
SkillSpector
By NVIDIA
Vulnerability Patterns
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)
VirusTotal
65/65 vendors flagged this skill as clean.