Security audit

Consulting Agent Pipeline

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local-file workflow for coordinating consulting and research agents; its main risks are expected project-file writes and optional notes outside the project folder.

Install only for projects where shared local files are appropriate. Before using it, set project-specific output paths, remove or disable Obsidian backup paths if that vault syncs or is shared, and keep client secrets or confidential retrospectives out of ~/.openclaw/workspace/memory. Review receiver paths in AGENT_REGISTRY.yaml before enabling any automatic handoff routing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill explicitly instructs writing retrospective notes to `~/.openclaw/workspace/memory/YYYY-MM-DD.md`, which is a global path outside the project boundary. This creates a cross-project data leakage risk because sensitive project lessons, client context, or internal decisions can persist in a shared memory store and become visible to unrelated future tasks or agents.

Missing User Warnings

Medium
Confidence: 92%
Finding
The spec explicitly describes automatically pushing handoff documents to agent-specific read paths based on registry metadata, but it does not define any confirmation step, authorization check, destination allowlist, or sensitivity classification before routing. In this skill's context, the pipeline is specifically meant to move work across multiple agents and prevent sensitive internal codenames from leaking, so unattended routing increases the chance of misdelivery, oversharing to the wrong agent, or propagation of sensitive project material to external platforms.

Missing User Warnings

Medium
Confidence: 95%
Finding
The template explicitly instructs agents to write output files into project and Obsidian directories, but it provides no warning, confirmation step, or scope restriction around modifying local data. In an agentic workflow, this can cause unintended file creation or overwrites, especially if placeholders are populated incorrectly or the agent operates with broad filesystem access.

Missing User Warnings

Medium
Confidence: 96%
Finding
The template directs Orion to update PROJECT_STATE.yaml to mark research as completed, which alters workflow state metadata that downstream agents may trust. Without an approval gate or validation rules, an agent could incorrectly advance project state, causing premature execution of later phases or masking incomplete work.

Missing User Warnings

Medium
Confidence: 94%
Finding
The template explicitly instructs an agent to directly write output files into local project and Obsidian paths, but it does not require user confirmation, path validation, or any safety boundary around filesystem modification. In a multi-agent workflow, this increases the risk of unintended local file creation or overwriting, especially when path variables are populated dynamically or come from loosely controlled project context.

VirusTotal

64/64 vendors flagged this skill as clean.