ZworkerAgentSkillOpenClaw

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local controller for zworker, but users should trust zworker before letting it route messages or run automations.

Install only if you trust the local zworker app and understand its tasks, schedules, and notification content. Prefer explicit channel and userid routing, review enabled schedules periodically, and avoid using the notification fallback in shared or multi-user channels.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs reading channel and userid data from the host environment and synchronizing it to another local service, but it does not clearly warn the user that personally identifying routing data will be transferred. This undermines informed consent and may expose sensitive identifiers to a separate process that could retain, misuse, or further transmit them.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The skill may forward notifications to a default-bound or most recent user when userid is empty, but it does not clearly warn about this fallback behavior. That creates a real risk of misdelivery of potentially sensitive messages to the wrong recipient, especially in multi-user or shared-channel environments, turning notification forwarding into an information disclosure issue.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal