SimpliXio Loop

Security checks across malware telemetry and agentic risk

Overview

This is a text-only planning skill whose broad activation should be managed, but it does not show hidden code, credential access, destructive behavior, or exfiltration.

Safe to install as a planning aid. When using it in private repositories or sensitive workspaces, tell the agent which files or folders are in scope. Users who prefer explicit activation should be aware that the skill is marked always-on and may appear in broad planning conversations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The manifest sets `metadata.openclaw.always` to `true`, which indicates the skill may be activated broadly rather than only for narrowly defined user intents. In a user-invocable planning skill that encourages inspecting files, docs, and code paths, over-broad automatic activation increases the chance the skill is injected into unrelated sessions, causing unnecessary context access, prompt interference, or unintended influence over agent behavior.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal