Azure DevOps

Security checks across malware telemetry and agentic risk

Overview

This Azure DevOps skill is transparent and purpose-aligned, but users should treat the saved Azure DevOps token as a sensitive credential.

Install only if you are comfortable giving the agent an Azure DevOps PAT. Use a dedicated least-privilege token limited to the needed organization, projects, and actions; avoid full-access PATs; protect or remove ~/.openclaw/openclaw.json when no longer needed; and manually confirm any command that creates or changes Azure DevOps resources.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs the agent to persist a Personal Access Token in a local config file, but does not warn about local secret storage risks such as plaintext exposure, file permission issues, backups, shell history, or later disclosure by other tools. Storing long-lived credentials on disk increases the blast radius if the host or user profile is compromised.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal