Security audit

调控员

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only multi-agent dispatcher that openly delegates work and writes coordination records, but users should understand it persists task state and depends on separate subagents.

Install only if you want an OpenClaw workflow that delegates tasks to alpha/bravo/charlie/delta/echo and verifier agents. Review those subagents separately, avoid putting secrets in task descriptions or progress files, and clear memory/progress, regressions.md, and CURSOR_SYNC.md when you do not want task history retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

High
Confidence: 96%
Finding:
The skill advertises the dispatcher as 'purely dispatching' and forbids execution tools, yet later requires the dispatcher to create, read, append, and interpret local progress and memory files. This contradiction is dangerous because it obscures the agent’s real capabilities and side effects, making policy review and user consent unreliable.

Intent-Code Divergence

High
Confidence: 98%
Finding:
The document explicitly bans direct read/write/edit tools for the dispatcher, but later mandates direct file creation, progress reads during crash recovery, and appends to memory and sync files. Conflicting rules like this create unsafe fallback behavior: implementations may bypass intended controls or silently perform privileged local writes under the guise of orchestration.

Missing User Warnings

Medium
Confidence: 92%
Finding:
The skill mandates writing progress, daily memory, and CURSOR_SYNC files as part of normal completion, but does not clearly warn users up front that persistent workspace files will be modified. Hidden persistence is risky because it can store task metadata or user content beyond the immediate session, surprising users and complicating privacy and audit expectations.

Missing User Warnings

Low
Confidence: 90%
Finding:
The skill also requires persistent logging of failures and regressions to files without clear user notice. Even if intended for diagnostics, these records can accumulate sensitive operational details, error messages, paths, or fragments of user requests, creating avoidable privacy and information-retention risk.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.