Security audit
opencli zh
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed Chinese-language helper for the opencli tool, with browser-session access and public write actions gated by user confirmation.
Install this only if you trust the opencli npm package and are comfortable letting it use existing browser sessions for supported sites. Review prompts carefully before allowing public posts, likes, deletes, request interception, browser bridge changes, or persistent adapter files under ~/.opencli.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.