
Security audit

skill_install

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate OpenClaw skill installer, but its ZIP installation path has a serious path-traversal risk and its safety claims appear stronger than the implementation evidence supports.

Install only if you trust the ZIP source and can tolerate a privileged local installer modifying your OpenClaw skills directory. Avoid arbitrary ZIP files until path traversal is fixed, and prefer signed or known-good packages with a reviewed file list before installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The documentation makes strong claims about validation, source trust, file search, and interactive selection that the static analysis says are not actually implemented. This can create a false sense of safety, causing users to install untrusted ZIP files believing they were source-validated or structurally vetted when they were not.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README instructs users to run a destructive `rm -rf` command to remove an installed skill, but it does not include an explicit warning about irreversible deletion or advise verifying the expanded path first. Because the path contains a wildcard under a package-manager-controlled tree, a user could delete more than intended if they adapt the command incorrectly or run it in an unexpected environment.

Session Persistence

Medium
Category
Rogue Agent
Content
- Python 3.6 or higher
- OpenClaw installed (via npm or nvm)
- Sufficient permissions to write to OpenClaw skills directory

## Error Handling
Confidence
86% confidence
Finding
write to OpenClaw skills directory ## Error Handling ### Common Errors **Error**: `❌ 未找到 OpenClaw 安装位置` - **Solution**: Install OpenClaw first using `npm install -g openclaw` **Error**: `❌ ZIP 文件不

VirusTotal

64/64 vendors flagged this skill as clean.
