Kai Skill Creator

Security checks across malware telemetry and agentic risk

Overview

This skill is a mostly coherent skill-building helper, but it teaches users to omit external API URLs from documentation to avoid scanner flags while also guiding persistent skill enablement and publishing.

Use this only as a template helper, not as security guidance. Before installing or using generated skills, review all copied template files, remove unrelated code, document external services and data flows honestly, avoid storing real secrets in examples, and only enable or publish a skill after confirming its behavior and permissions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Rogue AgentSelf-Modification, Session Persistence
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Self-Modification

High

Category: Rogue Agent
Content: cp -r /home/kai/.openclaw/workspace/skills/kai-minimax-tts /home/kai/.openclaw/workspace/skills/<NEW_SKILL> ``` ### 2. Edit SKILL.md **CORRECT FRONTMATTER:** ```yaml
Confidence: 84% confidence
Finding: Edit SKILL

Session Persistence

Medium

Category: Rogue Agent
Content: --- name: kai-skill-creator description: Create new OpenClaw skills that pass ClawHub validation on first attempt. Use when building a new skill for OpenClaw. Teaches the complete process from template to published skill. metadata: openclaw: requires:
Confidence: 78% confidence
Finding: Create new OpenClaw skills that pass ClawHub validation on first attempt. Use when building a new skill for OpenClaw. Teaches the complete process from template to published skill. metadata: opencla

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal