Security audit
mmxagent-skill-manager
Security checks across malware telemetry and agentic risk
Overview
This is a simple instruction-only skill that tells the agent to ask before installing or updating a short list of related OpenClaw/IM skills.
Before approving any suggested install or update, verify that the named downstream skill is from a publisher you trust, especially because this skill describes them as official. Do not approve downstream skills that request unexpected credentials, broad filesystem access, or unrelated capabilities.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
