jisuai-auto

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a normal OpenClaw model-provider setup helper, but it handles API credentials and rewrites local configuration in ways users should review first.

Install only if you are comfortable with this skill writing your OpenClaw config and storing the API key locally in plaintext. Prefer a limited-scope or disposable key, avoid pasting production credentials into chat or shell commands, review the target openclaw.json path before running it, and keep a backup so you can restore your previous provider settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium, 91% confidence
Finding
The skill instructs extraction and direct use of an API key from user messages without any warning about sensitive credential handling, redaction, or storage risks. In this context, the agent may expose secrets in logs, command history, chat transcripts, or error output while processing the key.

Missing User Warnings

Medium, 90% confidence
Finding
The skill documents automatic modification of openclaw.json, including changing the default model provider, but does not warn the user that existing settings will be altered. This can cause unintended configuration drift, service disruption, or replacement of a previously trusted provider with a third-party endpoint.

Missing User Warnings

Medium, 92% confidence
Finding
The script persists the supplied API key into a local JSON config file on disk without any warning, consent flow, or protection mechanism. Storing long-lived credentials in plaintext increases exposure to other local users, malware, backups, and accidental disclosure, especially because this skill is specifically designed to configure a third-party API provider for routine use.

Missing User Warnings

Medium, 96% confidence
Finding
Accepting the API key via a command-line argument exposes the secret through shell history, process listings, audit logs, and monitoring tools. This is especially risky for an API configuration utility, because users are likely to paste real production credentials exactly as instructed.

VirusTotal

63/63 vendors flagged this skill as clean.
