Back to skill

Security audit

AI Intelligence Hub - Real-time Model Capability Tracking

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it overstates its live benchmark data and includes model-routing configuration changes that users should review carefully.

Install only if you treat this as a sample or mock recommendation tool rather than a verified live benchmark source. Review any OpenClaw config changes, Slack webhook scripts, cron jobs, and compute-router sync behavior before running them, and keep a backup or rollback path for existing model settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises and demonstrates file read/write and network-capable operations, but the manifest does not declare any permissions. This undermines least-privilege review and can cause users or the host platform to trust a capability profile that is materially incomplete, increasing the chance of unauthorized filesystem or network access once the scripts are run.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior materially diverges from the stated purpose: it claims real-time leaderboard intelligence, but static analysis indicates hardcoded/mock data, scheduled local workflows, and writes into another skill's workspace/configuration. This is dangerous because users may grant trust or integrate it into automation under false assumptions, allowing unexpected cross-skill modification and decision-making based on fabricated or stale benchmark data.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The Privacy & Security section claims 'No external dependencies' while the skill's own description says it fetches external leaderboard data at runtime. Misrepresenting external connectivity reduces users' ability to assess supply-chain, privacy, and integrity risks, and may lead them to run the skill in environments where outbound network access is sensitive or prohibited.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The script contains functionality to write a generated configuration file into another skill's directory under ~/.openclaw/workspace/skills/compute-router. Cross-skill modification creates an unexpected trust boundary violation: a benchmark utility can alter routing behavior elsewhere, which could silently influence model selection, cost controls, or downstream execution decisions if the function is invoked or later wired into the CLI.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This example performs a real configuration change to the user's OpenClaw settings without any warning that running it will modify local state. While not inherently malicious, documentation that encourages copy-pasting state-changing commands without disclosure can cause unintended configuration drift or outages in user workflows.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This example transmits generated cost-change content to an external Slack webhook but does not warn users that data will leave their environment. Even if the payload seems operationally harmless, benchmark output or pricing context may still be sensitive in some organizations, and webhook endpoints themselves are sensitive secrets.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This example automatically switches the primary model configuration when spend crosses a threshold, but it does not warn users that running it can silently change production routing behavior. Automatic model changes can affect cost, quality, compliance, and application correctness in downstream systems.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The sync operation writes dynamic_config.json into another skill's directory without any user-facing warning, confirmation, or access control. Even though the helper is not exposed via the current CLI, its presence makes the skill more dangerous in this context because a benchmark tool should not silently mutate external configuration that can affect compute routing and potentially downstream security or cost decisions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.