SolidPod-Data

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Solid Pod management skill whose sensitive read, write, delete, and access-control abilities match its stated purpose.

Install only if you intend to let OpenClaw operate on your Solid Pod. Use least-privilege Solid client credentials, verify target URLs and WebIDs before write/delete/ACL commands, and consider pinning dependencies for high-assurance environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3 (Medium)

Category: MCP Least Privilege
Confidence: 94%
Finding:
The skill declares no explicit permissions while its documented behavior clearly requires access to environment variables and outbound network connectivity. That mismatch can mislead operators and policy engines about the skill's real capabilities, reducing transparency around its ability to use credentials and contact arbitrary user-supplied endpoints. In this context, the danger is amplified because the skill handles sensitive OIDC client credentials and can modify remote pod data and ACLs.

Tp4 (High)

Category: MCP Tool Poisoning
Confidence: 89%
Finding:
The description understates or misstates materially sensitive behaviors: deletion of pod resources, reading arbitrary non-RDF resources, creating tool-specific containers and indexes, and writing access-request records. It also claims pod creation support while only printing manual instructions, which can cause users and reviewers to misunderstand both the destructive scope and data mutation footprint of the skill. In a skill that manages personal data stores and access control, incomplete or inaccurate disclosure increases the risk of unintended destructive actions or privacy-impacting writes.

VirusTotal

66/66 vendors flagged this skill as clean.
