Back to skill

Security audit

AI Agent Skills Manager - 智能体技能管理工具

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate OpenClaw skill installer, but it installs unpinned third-party skills into an auto-loaded agent skills directory and documents an optional privileged system-wide install.

Review the external repository and each skill folder before installing. Prefer installing from a pinned commit or signed release, avoid the sudo system-wide install unless necessary, and be prepared to remove copied folders from ~/.openclaw/skills if agent behavior changes unexpectedly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documentation instructs users to copy an executable into /usr/local/bin using sudo, which modifies a system-wide executable path with elevated privileges. While this is a common installation pattern, omitting a warning about privilege use and system modification increases the risk that users run an untrusted or unreviewed script as root, potentially causing broader system compromise if the script is malicious or replaced.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The documentation tells users to clone a remote repository and recursively copy skill directories into ~/.openclaw/skills without warning that existing local files may be overwritten or changed. In the context of agent skills, replacing local skill content can silently alter future agent behavior, introduce unreviewed instructions, or break existing setups.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script fetches code from a remote GitHub repository into /tmp and copies it into the user's OpenClaw skills directory without clear warning, consent flow, integrity verification, or pinning to a trusted commit. In a skill-manager context, this is more dangerous because installed skills may later be auto-loaded by the agent platform, turning an unverified network fetch into persistence of potentially malicious content.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.