Capability Awareness System

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill-discovery helper; its main risk is trusting other installed skills, not hidden malicious behavior in this package.

Install this only if you trust the skills already present in your OpenClaw skill directories. This package may cause the agent to read and act on another installed skill's instructions when that skill appears relevant, so review local skills and remove any you would not want the agent to follow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 91%
Finding
The activation guidance tells the agent to read and follow a skill whenever exactly one skill 'clearly applies,' but it does not define strong trust boundaries, validation steps, or restrictions on what a loaded skill may instruct the agent to do. In a system where SKILL.md files are effectively prompt inputs, broad auto-activation increases the chance that a malicious or overly permissive skill will be selected and its instructions treated as authoritative, leading to prompt injection or unsafe tool use.

VirusTotal

64/64 vendors flagged this skill as clean.
