Security audit

Pulse Board

Security checks across malware telemetry and agentic risk

Overview

Pulse Board is a disclosed cron digest tool, with real privacy considerations around logs but no artifact-backed malicious or deceptive behavior.

Install only if you are comfortable with a user-level cron tool that stores job output locally and may send log-derived content to Telegram, Discord, or your configured OpenClaw agent. Use a local-only agent for sensitive environments, avoid logging secrets from wrapped jobs, and protect any webhook or bot-token configuration files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 89% confidence
Finding: The skill description understates several sensitive behaviors: rewriting crontab entries, sourcing a secrets env file into wrapped jobs, and modifying a secrets env file. These actions create persistence and broaden secret exposure, so incomplete disclosure can cause users to install a skill without understanding its operational and security impact.

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The changelog documents that the raw log is 'never sent externally' while later entries explicitly disclose that the raw pending log is included in the LLM prompt and may be transmitted off-host when a remote/cloud provider is used. This is a real security and privacy documentation flaw because operators may rely on the earlier statement and expose sensitive log data under a false assumption.

Natural-Language Policy Violations

Medium

Confidence: 96% confidence
Finding: This contradictory statement understates data egress risk: users reading the design notes could believe logs remain local even though later disclosures admit cloud-backed agents may receive the content. In a logging/digest skill, that misunderstanding is significant because logs often contain operational details and sometimes secrets.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The script truncates pending.log unconditionally after attempting delivery, even when deliver.sh fails. This can permanently destroy queued operational events and error evidence, causing silent data loss and preventing retries or investigation.

External Transmission

Medium

Category: Data Exfiltration
Content: It may add `LLM_API_KEY=ollama` and `OPENCLAW_WORKSPACE=<path>` if missing. ### Network - **Telegram:** `POST https://api.telegram.org/bot<token>/sendMessage` - **Discord:** `POST <your webhook URL>` - **OpenClaw agent:** `openclaw agent --agent <id> --message <prompt> --json` (local gateway call) ⚠️ The raw log is included in the prompt. If your agent uses a remote/cloud LLM, log content will be transmitted off-host. Use a local-only agent if log privacy is required.
Confidence: 91% confidence
Finding: https://api.telegram.org/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal