Skill Security Scanner by dxx

Security checks across malware telemetry and agentic risk

Overview

This skill is a local scanner that reads installed OpenClaw skill files for risky patterns and does not show hidden network, credential, destructive, or persistence behavior.

Install this only if you want a local scanner to inspect the contents of installed OpenClaw skills. Run it intentionally and expect it to read skill files under your OpenClaw skills directory and print matching lines for issues it finds.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger keywords and conditions are broad enough to activate on ordinary conversation about checking skill safety, which can cause the skill to run unexpectedly. Unintended activation is risky here because the skill is described as scanning installed skills and invoking a local Python script, potentially exposing local data or causing unnecessary command execution.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal