Solo CEO

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill coordinates worker agents openly. Its context-sharing and memory-retention behavior is disclosed, but it is significant enough to review before installing.

Install this only if you want a coordinator that can spawn other OpenClaw agents and share task context with them. Use trusted worker agents, avoid providing secrets unless necessary, and periodically review worker MEMORY.md files to ensure they contain only stable preferences or methods rather than task data, client details, or credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The skill creates conflicting memory-handling instructions: workers are told to update MEMORY.md after tasks with newly learned content, while later guidance says task-specific details must not be stored there. In practice, this ambiguity can lead agents to persist sensitive user or project data into long-lived memory files, causing cross-task data leakage and retention beyond necessity.

Ssd 3

Medium
Confidence: 96%
Finding
The instruction to pass the user's complete request context to delegated workers encourages unnecessary propagation of all user-provided data across agents. In a multi-agent system, this violates data minimization and expands the blast radius if a worker is over-privileged, compromised, logs prompts, or persists context to workspace files.

VirusTotal

64/64 vendors flagged this skill as clean.
