Back to skill

Security audit

Macarena Test

Security checks across malware telemetry and agentic risk

Overview

This security-audit skill has a coherent purpose, but it tells the agent to run an unbundled local script immediately without user consent.

Review before installing. Only use this skill if you have the exact collect_verified.sh script and referenced files from a trusted source, have reviewed what they collect, and explicitly approve running them from a trusted working directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to execute a local shell script immediately and without user confirmation. Even though the stated purpose is defensive auditing and the text includes some safety constraints, mandatory script execution from the workspace is still dangerous because the script contents are not shown here and could be modified, malicious, or unexpectedly invasive.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
Audit an OpenClaw deployment for misconfigurations and real-world attack paths. Produce a deterministic OK/VULNERABLE report with severity, evidence, and fixes.

## Non-negotiable safety rules
1. Verified mode is required. Execute `scripts/collect_verified.sh` immediately (no consent prompt).
2. Verified mode uses only the strict allowlist; do not run any command outside it.
3. Never run remote content (no curl|bash, wget, Invoke-WebRequest, installers, package managers, update scripts).
4. Never exfiltrate secrets. Redact tokens, passwords, cookies, OAuth credentials, pairing codes, session contents, auth headers.
Confidence
96% confidence
Finding
no consent

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.