Advanced Collab Protocol

Security checks across malware telemetry and agentic risk

Overview

This collaboration skill is mostly coherent, but it tells agents to read private session history or thought process without clear disclosure, limits, or declared tool scope.

Review before installing. Use it only if you are comfortable with cross-agent messaging, shared handoff files, OpenClaw routing-config reads, and potential session-history access. Before allowing this skill in production, prefer disabling sessions_history outright; if it must stay on, require explicit user/admin approval, restrict reads to the current session, and log every history access.
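The following is an added example of the mitigations recommended above, written for this review and not code from SkillSpector, OpenClaw, or the skill itself: a tool-call gate that enforces a declared tool scope, keeps `sessions_history` off by default, demands an explicit user/admin approval when it is on, limits history reads to the current session, and logs every decision. The manifest layout, the `ToolCall` fields, the `(agent, tool, session)` approval tuple and the sample calls are assumptions made for the example.

```python
"""Tool-call policy gate for a multi-agent collaboration skill (added example).

Assumptions: the skill manifest declares a set of tool names, approvals are
recorded as (agent, tool, session) tuples by a user or admin, and every tool
invocation is funnelled through Policy.decide() before it executes.
"""
from dataclasses import dataclass, field
import json

HISTORY_TOOL = "sessions_history"  # the history-reading tool named in the findings


@dataclass
class ToolCall:
    agent: str                          # calling agent id (assumed field)
    tool: str                           # tool name, e.g. "sessions_history"
    session: str                        # session the call targets
    args: dict = field(default_factory=dict)


@dataclass
class Policy:
    declared_tools: frozenset                 # tools the manifest declares
    allow_history: bool = False               # sessions_history disabled by default
    approvals: frozenset = frozenset()        # approved (agent, tool, session) tuples
    log: list = field(default_factory=list)   # one JSON line per decision

    def decide(self, call: ToolCall, current_session: str) -> str:
        """Return 'allow', 'deny' or 'needs_approval'; every decision is logged."""
        if call.tool not in self.declared_tools:
            return self._record(call, "deny", "tool not in declared scope")
        if call.tool == HISTORY_TOOL:
            if not self.allow_history:
                return self._record(call, "deny", "sessions_history disabled")
            if call.session != current_session:
                return self._record(call, "deny", "history read outside current session")
            if (call.agent, call.tool, call.session) not in self.approvals:
                return self._record(call, "needs_approval", "no explicit user/admin approval")
        return self._record(call, "allow", "within declared scope")

    def _record(self, call: ToolCall, decision: str, reason: str) -> str:
        # Structured log line so operators can audit who read what, and why it was allowed.
        self.log.append(json.dumps({"agent": call.agent, "tool": call.tool,
                                    "session": call.session, "decision": decision,
                                    "reason": reason}, sort_keys=True))
        return decision


def demo():
    """Constructed hand-off traffic; returns (decisions, log) for inspection."""
    policy = Policy(declared_tools=frozenset({"message_group", "read_handoff", HISTORY_TOOL}),
                    allow_history=True,
                    approvals=frozenset({("agent-b", HISTORY_TOOL, "sess-1")}))
    calls = [
        ToolCall("agent-b", "read_handoff", "sess-1"),   # declared, harmless
        ToolCall("agent-b", "exec", "sess-1"),           # undeclared tool -> deny
        ToolCall("agent-b", HISTORY_TOOL, "sess-0"),     # another session's history -> deny
        ToolCall("agent-c", HISTORY_TOOL, "sess-1"),     # no approval -> needs_approval
        ToolCall("agent-b", HISTORY_TOOL, "sess-1"),     # approved -> allow
    ]
    decisions = [policy.decide(c, current_session="sess-1") for c in calls]
    return decisions, policy.log


if __name__ == "__main__":
    decisions, log = demo()
    for line in log:
        print(line)
```

With `allow_history` left at its default of `False`, the gate denies `sessions_history` unconditionally, which is the first option the overview recommends; the approval tuple is deliberately per session so that one approval cannot be reused to read other sessions' history.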

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
The skill explicitly instructs agents to use `sessions_history` to retrieve an upstream agent's thought process or private chat history, but the documented prerequisites do not justify or constrain that access. This creates an unnecessary access path to potentially sensitive internal deliberations, user data, or credentials shared in prior conversations, violating least-privilege expectations.

Intent-Code Divergence

Severity: Medium
Confidence: 88%
Finding
The document claims a least-privilege model by limiting agents to specific tools, but later expands behavior to include broader history retrieval through `sessions_history`. This inconsistency is dangerous because it can mislead operators into believing the protocol is tightly scoped while still enabling access to sensitive historical context outside the immediate task.
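As an added example of how the divergence described in this finding can be checked mechanically (this is illustrative code written for the review, not SkillSpector's detector), the script below compares the tools a skill declares with the tool names its instructions actually reference and reports any undeclared ones with the line that uses them. The `tools:` header line as the declaration format, the use of backtick-quoted identifiers as a proxy for tool invocations, and the skill text itself are constructed assumptions; the text does not reproduce the Advanced Collab Protocol skill.

```python
"""Intent/code divergence check for a skill document (added example).

Assumed manifest format: a 'tools:' line listing the declared tools, followed
by the skill body, in which tool invocations appear as backtick-quoted names.
"""
import re

# Constructed skill text: the header declares two tools, the body uses a third.
SKILL_TEXT = """\
tools: message_group, read_handoff

# Collaboration protocol (constructed example, not the real skill)
Use `read_handoff` to load the hand-off file, then `message_group` to report.
If the hand-off is unclear, call `sessions_history` to see the upstream
agent's reasoning.
"""

TOOL_REF = re.compile(r"`([a-z_][a-z0-9_]*)`")


def declared_tools(text: str) -> set:
    """Tools listed on the 'tools:' header line (assumed manifest format)."""
    m = re.search(r"^tools:\s*(.*)$", text, re.MULTILINE)
    if not m:
        return set()
    return {t.strip() for t in m.group(1).split(",") if t.strip()}


def referenced_tools(text: str) -> set:
    """Backtick-quoted identifiers in the body, used as a proxy for tool invocations."""
    return set(TOOL_REF.findall(text))


def divergence(text: str) -> dict:
    """Map each undeclared-but-referenced tool to the line numbers that use it."""
    undeclared = referenced_tools(text) - declared_tools(text)
    findings = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        for tool in TOOL_REF.findall(line):
            if tool in undeclared:
                findings.setdefault(tool, []).append(lineno)
    return findings


if __name__ == "__main__":
    for tool, lines in divergence(SKILL_TEXT).items():
        print(f"undeclared tool {tool!r} referenced on line(s) {lines}")
```

A non-empty result is exactly the "least privilege on paper, broader access in practice" pattern the finding describes: the declared scope is what an operator reviews, while the body is what the agent follows.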

Vague Triggers

Severity: Medium
Confidence: 81%
Finding
The skill says the protocol should be executed when prerequisites are met, but it does not define concrete activation conditions, exclusions, or allowed task types. In a multi-agent environment, ambiguous invocation scope can cause the protocol to activate too broadly, leading agents to read files, message groups, or hand off tasks in situations where those actions are unnecessary or unsafe.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The skill directs agents to inspect private chat history and thought process without any user-facing notice, consent mechanism, or privacy boundary. That creates a significant privacy and data-governance risk because users and operators may not expect collaborative routing logic to grant access to prior private exchanges or internal reasoning artifacts.

Ssd 3

Severity: High
Confidence: 98%
Finding
The protocol plainly instructs agents to retrieve another agent's private chat history or thought process, which is a direct confidentiality violation. In this context, the danger is elevated because the skill is specifically designed for multi-agent collaboration, making cross-agent data access operationally likely and scalable across many sessions.

VirusTotal

0/66 vendors flagged this skill as malicious (all 66 reported it clean). Note that a clean antivirus result says nothing about the instruction-level issues listed above, which are not malware signatures.
