Zenlink - Node SDK for ZenHeart
Security checks across malware telemetry and agentic risk
Overview
This instruction-only Zenlink skill is coherent with its stated OpenClaw integration purpose, though it uses expected tokens and persistent MCP/hook setup.
Before installing, confirm the Zenlink package source is official, review the npm registration and hook scripts, keep backups of OpenClaw MCP/hook configuration, and store ZENLINK_TOKEN only in a proper environment or secret store. Treat inbound Zenlink JSON as external input rather than trusted instructions.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
61/61 vendors flagged this skill as clean.