Shield Cn

Security checks across malware telemetry and agentic risk

Overview

This is a user-run local security helper that scans chosen files and writes local reports/logs, with some documentation gaps but no hidden exfiltration or destructive behavior found.

Install only if you are comfortable with a local script scanning the workspace you choose and saving local reports/logs under ~/.openclaw. Do not scan your whole home directory unless intended, review or delete saved reports/logs when finished, and do not rely on block mode as a full enforcement control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 84%
Finding
The skill advertises executable scripts and local scanning/reporting behavior, but the manifest shown in SKILL.md does not declare corresponding permissions. Undeclared file read, file write, and shell capabilities create a transparency and review gap: an operator may install a 'security' skill without realizing it can inspect local files and execute commands.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 89%
Finding
The documented purpose frames the skill as defensive filtering, but the described behavior expands into broader host inspection, AGENTS.md evaluation, local report generation, and persistent logging under the user's home directory. That mismatch matters because users may consent to prompt-defense features without understanding the skill also inventories local content and stores derived security data on disk.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The script writes reports to a persistent location under the user's home directory by default (`~/.openclaw/reports/shield-cn`). Because the report can include file paths and redacted excerpts of detected secrets, this creates unnecessary data retention outside the workspace and may expose sensitive audit metadata to other local users, backups, or later processes.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The documented security behavior for block mode does not match the implementation. Users may rely on the tool to stop unsafe operations with a confirmation workflow, but the code only prints a warning after detection and does not enforce any actual pre-execution block/confirm control, creating a fail-open protection gap.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script writes threat results and a slice of user-provided context to a persistent local log file under the user's home directory. Because security scans often process sensitive prompts, credentials, personal data, or incident details, this can create a secondary data exposure channel through log files with unclear retention and access controls.

VirusTotal

63/63 vendors flagged this skill as clean.
