Chart

Security checks across malware telemetry and agentic risk

Overview

This skill locally generates charts and saves chart history in a clearly disclosed local OpenClaw folder, with no evidence of network access, credential use, or hidden behavior.

Install this if you are comfortable with chart inputs and generated images being saved locally under ~/.openclaw/workspace/memory/chart. Avoid using sensitive data in charts unless local persistence is acceptable, and provide Python 3 and matplotlib from trusted sources.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 87% confidence
Finding: The skill advertises and documents local file storage and output generation, which implies file read/write capability, but it does not declare permissions explicitly. That creates a transparency and policy-enforcement gap: users or orchestration layers may not realize the skill can persist data to disk, making unintended data exposure or misuse of workspace files more likely.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal