opsrobot Installation and Configuration Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill is a real observability setup helper, but it asks users to collect full agent prompts, messages, and system context without enough privacy or safety guidance.

Review the Docker Compose repository before running it. Do not enable includePrompt, includeMessages, or includeSystem unless you intentionally want full agent conversation and system-context data stored in the observability backend, with trusted transport, restricted access, retention limits, and redaction in place. Ignore the unrelated GitHub star request unless you personally choose to do it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

High
Confidence: 98%
Finding
The skill instructs users to enable OpenTelemetry diagnostics and explicitly sets collection of traces, metrics, logs, cached traces, messages, prompts, and system content, while sending data to a user-supplied endpoint. This can expose sensitive prompts, system instructions, internal messages, and potentially secrets or regulated data to an external observability pipeline without an explicit privacy warning, consent flow, or data-minimization guidance.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill directs users to edit local configuration files and restart Vector and OpenClaw services, which are system-impacting actions that can disrupt logging, change data flows, or break running agents if misconfigured. Because the instructions omit rollback guidance, privilege expectations, validation steps, and warnings about production impact, users may unintentionally cause outages or insecure telemetry exposure.

Ssd 3

High
Confidence: 99%
Finding
The configuration explicitly enables capture of messages, prompts, and system instructions for viewing in the observability platform. In an agent environment, these fields frequently contain credentials, proprietary logic, personal data, or confidential operational context, so centralizing them in telemetry storage materially increases the blast radius of compromise and creates privacy/compliance risk even if the platform itself is legitimate.

VirusTotal

66/66 vendors flagged this skill as clean.
