Model Tester

Security checks across malware telemetry and agentic risk

Overview

This is a transparent local model-testing helper that runs predefined OpenClaw prompts and reads OpenClaw logs to report model-routing details.

Install only if you are comfortable with it invoking OpenClaw agents or models under your current account and briefly reading OpenClaw logs. Review custom test cases before use and run it when unrelated sensitive OpenClaw activity is not active.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill documentation describes capabilities to read test-case files, write JSON output, and invoke shell commands (`python3`, `openclaw logs`, `openclaw agent`) but does not declare any permissions. This creates a trust and containment gap: an orchestrator or reviewer may treat the skill as lower risk than it really is, while the implementation can still access files, spawn processes, and capture operational log data.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal