Context Topics

Security checks across malware telemetry and agentic risk

Overview

This plugin is a local project-memory tool whose file access and prompt-injection behavior match its stated purpose, with one low-risk wording issue around optional live probes.

Install it only if you want local, persistent topic memory. Review every file listed in a topic manifest, because its contents are injected into the model prompt; keep secrets out of topic rooms; and do not add live_probe commands unless you are prepared to approve or supervise their execution.

Publisher note

This plugin reads and writes local topic-room files under ~/openclaw-soul/topics and plugin session state under ~/openclaw-soul/state. It registers a slash command and prompt-build hook. It does not execute shell commands; live probes are listed for the agent to run manually on demand. Sensitive-looking files are blocked from prompt injection, their absolute paths are redacted, and session identifiers are hashed before persistence or logging.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Severity: Low
Confidence: 89%

Finding
The code comments say probes should only be listed so the agent knows they can be run if the user asks, but the generated prompt bundle instructs the agent to run them whenever current state is needed for the turn. That widens authority from user-initiated execution to model-initiated execution and can lead to unapproved command execution through the host's exec tool.
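To make the publisher's controls and the finding above concrete, here is an added example of a prompt-build hook in Python. It is not the plugin's code: the manifest, the file contents, the `~/openclaw-soul/topics` layout, the sensitive-name pattern, the hashing salt and the probe wording are all constructed for illustration. It shows the three controls the publisher note describes (sensitive files blocked, absolute paths redacted, session ids hashed) and renders the live_probe list in both the intended "listing only" wording and the divergent "run these" wording that the finding flags, with a small heuristic lint that tells the two apart.

```python
"""Hypothetical prompt-build hook for a topic-memory plugin (example code, not the plugin's own)."""
import hashlib
import re
from pathlib import PurePosixPath

# Constructed manifest: files to inject plus optional live probes (assumed format).
MANIFEST = {
    "topic": "deploy-notes",
    "files": ["notes.md", ".env", "id_rsa", "runbook.txt"],
    "live_probe": ["git status --short", "kubectl get pods -n prod"],
}
HOME = "/home/alice"                      # assumed home directory
TOPICS_ROOT = f"{HOME}/openclaw-soul/topics"

# Constructed file contents standing in for the real filesystem.
FAKE_FILES = {
    f"{TOPICS_ROOT}/deploy-notes/notes.md": "Deploy on Tuesdays.",
    f"{TOPICS_ROOT}/deploy-notes/.env": "AWS_SECRET_ACCESS_KEY=EXAMPLEKEY",
    f"{TOPICS_ROOT}/deploy-notes/runbook.txt": "1. drain node",
}

def read_constructed(path: str) -> str:
    return FAKE_FILES.get(path, "")

# Assumed sensitive-name heuristic; a real plugin would tune this list.
SENSITIVE_NAME = re.compile(r"(^\.env$|^id_(rsa|ed25519)$|\.pem$|secret|token|credential)", re.I)

def is_sensitive(name: str) -> bool:
    return bool(SENSITIVE_NAME.search(PurePosixPath(name).name))

def redact_path(path: str, home: str = HOME) -> str:
    """Replace the absolute home prefix so the prompt never reveals it."""
    return path.replace(home, "~", 1) if path.startswith(home) else path

def hash_session_id(session_id: str, salt: bytes = b"example-salt") -> str:
    """Hash before persistence or logging; the salt here is an assumption."""
    return hashlib.sha256(salt + session_id.encode()).hexdigest()[:16]

def probe_section_divergent(probes):
    # Wording the finding flags: it grants the model authority to execute.
    lines = ["Live probes: run these whenever current state is needed for the turn:"]
    lines += [f"  $ {p}" for p in probes]
    return "\n".join(lines)

def probe_section_intended(probes):
    # Intended wording: listing only; execution stays with the user.
    lines = ["Live probes available (do NOT run them; the user may ask for one explicitly):"]
    lines += [f"  - {p}" for p in probes]
    return "\n".join(lines)

def build_bundle(manifest, file_reader, session_id, probe_renderer=probe_section_intended):
    parts = [f"[topic {manifest['topic']} session {hash_session_id(session_id)}]"]
    blocked = []
    for name in manifest["files"]:
        abs_path = f"{TOPICS_ROOT}/{manifest['topic']}/{name}"
        if is_sensitive(name):
            blocked.append(redact_path(abs_path))   # path is listed, content is not
            continue
        parts.append(f"--- {redact_path(abs_path)} ---\n{file_reader(abs_path)}")
    if blocked:
        parts.append("Blocked from injection: " + ", ".join(blocked))
    if manifest.get("live_probe"):
        parts.append(probe_renderer(manifest["live_probe"]))
    return "\n".join(parts)

# Heuristic lint for the intent-code divergence: an imperative "run these" in the
# probe section without an explicit negation means the bundle hands execution to the model.
AUTHORITY_WORDS = re.compile(r"\brun (these|them|it)\b|\bexecute\b", re.I)

def bundle_grants_exec_authority(bundle: str) -> bool:
    section = bundle.split("Live probes", 1)[-1]
    return bool(AUTHORITY_WORDS.search(section)) and "do NOT run" not in section

if __name__ == "__main__":
    print(build_bundle(MANIFEST, read_constructed, "sess-1"))
```

The lint is deliberately narrow: it catches the specific wording in this finding, not every way a bundle could delegate execution. The durable fix is to keep probe commands out of any imperative sentence addressed to the model and to require an explicit user request before the host exec tool is invoked.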

VirusTotal

62/62 vendors flagged this plugin as clean.
