OC Context Optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed runtime optimizer, but it can automatically change conversation context and tool execution behavior across agents without enough safeguards.

Review before installing in a shared or production OpenClaw environment. Enable only with administrator-controlled scope, audit logs or diffs for compaction, redaction of secrets and sensitive paths, and conservative handling of retries and parallelism for tools that write, send, delete, or call external services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill advertises automatic conversation compression and summarization that occurs without agent awareness, but does not warn users or administrators about the resulting loss of fidelity, possible omission of important context, and privacy implications of transforming conversation history. Because this is a system-level runtime optimizer affecting all agents, silent summarization can change agent behavior globally and make debugging, safety review, and user expectation management harder.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill states that tool calls may be executed in parallel with automatic retry, but does not warn about concurrency hazards such as duplicate side effects, ordering violations, race conditions, and repeated execution of non-idempotent operations. In a runtime-level component used transparently by all agents, this can amplify the blast radius of mistakes by changing execution semantics for every tool-using workflow.

Vague Triggers

Medium
Confidence: 93%
Finding
The browser category includes the keyword "打开" (open), which is extremely broad and commonly appears in many benign requests unrelated to browser automation. In a deferred tool-loading system, this can cause unnecessary or unintended activation of the browser tool, expanding capability exposure and increasing the chance that later agent logic uses a powerful tool when it was not actually needed.

Vague Triggers

Medium
Confidence: 91%
Finding
The keyword "message" is too generic to safely trigger Feishu chat tooling because it overlaps with ordinary conversational language and system messaging concepts. This can cause chat-related tools to be loaded for unrelated prompts, broadening access to message search/send capabilities and increasing the risk of unintended data access or outbound communication.

Ssd 3

Medium
Confidence: 91%
Finding
The compactor copies and condenses prior conversation content, including user text and extracted file references, into a new retained message that persists into future context. If earlier messages contain secrets, personal data, credentials, file paths, or other sensitive content, the summary can unnecessarily prolong retention and increase the chance of later disclosure to the model, tools, logs, or downstream outputs.

VirusTotal

65/65 vendors flagged this skill as clean.
