Build Opportunity Scout

Security checks across malware telemetry and agentic risk

Overview

This skill runs a small local script that turns one declared trend-data file into two declared report files.

Install this if you are comfortable running a local Python script that reads the harvested trend file and overwrites the two opportunity report files in the OpenClaw workspace. Back up those outputs first if they may contain work you want to keep.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill reads from and writes to files under the workspace, but the manifest does not declare those permissions. This creates a trust and review gap: operators may approve or run the skill without understanding its actual data access, and future code changes could expand file operations without any manifest-level warning.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal