Back to skill

Security audit

mmxagent-skill-manager

Security checks across malware telemetry and agentic risk

Overview

This is a simple instruction-only skill that tells the agent to ask before installing or updating a short list of related OpenClaw/IM skills.

Before approving any suggested install or update, verify that the named downstream skill is from a publisher you trust, especially because this skill describes them as official. Do not approve downstream skills that request unexpected credentials, broad filesystem access, or unrelated capabilities.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.