Workflow Engine

Security checks across malware telemetry and agentic risk

Overview

The skill mainly describes workflow queue handling, but it also tells users to enable hooks and run an installer that is not included.

Review before installing. The queue workflow guidance itself is limited, but do not run the referenced install script or enable OpenClaw hooks unless you obtain and inspect the hook code and explicitly want persistent lifecycle behavior enabled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The skill explicitly claims that no plugin hooks are implemented and that lifecycle behavior is only emulated in-skill, but the installation section instructs users to install a workflow engine and enable hooks anyway. This mismatch can cause operators to execute external setup steps that expand the trust boundary, introduce unintended code execution paths, and defeat the deterministic, skeleton-only safety model described elsewhere in the file.

VirusTotal

66/66 vendors flagged this skill as clean.
