wordpal-个性化专业英语学习助手

Security checks across malware telemetry and agentic risk

Overview

WordPal is a disclosed vocabulary-learning skill that stores study progress locally and optionally schedules reminders when the user enables them.

Install if you are comfortable with WordPal using recent OpenClaw memory summaries to personalize word choices, keeping vocabulary progress in a local database, and creating recurring study reminders only when you choose push times.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 87% confidence
Finding: The onboarding requires the assistant to introduce the product in Chinese before collecting information, regardless of the user's language preference. This can override user autonomy and create a poor or exclusionary experience for non-Chinese-speaking users, though it is not a direct code-execution or data-exfiltration risk. In this context, the issue is somewhat mitigated because the skill description itself is Chinese and appears targeted at Chinese users, but the hard requirement still makes the behavior inflexible and policy-sensitive.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal