Skill Scoreboard

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a local usage scoreboard, but it also includes under-disclosed code that can scan OpenClaw gateway logs and persist usage/error history.

Install only if you want local tracking of skill usage and are comfortable with persistent records under ~/.skill_scoreboard. Review the scripts before enabling cron automation, avoid recording secrets in error messages, and do not run parse_gateway_logs.py unless you are comfortable with it reading local OpenClaw gateway logs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 95% confidence
Finding: The skill documentation instructs use of shell commands and persistent file reads/writes (`~/.skill_scoreboard/...`) but does not declare corresponding permissions. This creates a capability mismatch that can bypass user/operator expectations and lead to unauthorized filesystem access, log creation, or command execution if the platform relies on declared permissions for trust and review.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger set includes broad everyday phrases such as '今天情况如何' and '工作流复盘', which are likely to match unrelated conversations. Over-broad activation can cause the skill to run unexpectedly, exposing logs, statistics, or shell-backed behavior in contexts where the user did not intend to invoke this capability.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill advertises recording call results and error logs but provides no warning that these logs may contain user inputs, stack traces, file paths, tokens, or other sensitive data. Persistent storage of such data in predictable locations increases privacy and security risk, especially when combined with historical reports and detail views.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The script reads raw gateway logs from /tmp/openclaw and processes message contents, which may contain sensitive prompts, tokens, URLs, or user data. Because the code extracts and forwards derived values to downstream processing without minimization or explicit safeguards, it increases the risk of unintended exposure of sensitive operational data.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The code stores up to three examples of raw message content from logs in memory for reporting, preserving snippets of potentially sensitive user text. Even truncated examples can leak secrets, personal data, internal URLs, or confidential workflow content if later printed, stored, or transmitted.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal