Security audit

Predict

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it materially overstates its forecasting abilities and should be reviewed before relying on it.

Install only if you want a lightweight forecasting checklist with local recordkeeping. Do not treat it as an actual prediction engine for business, financial, safety, or risk decisions unless real analysis logic and the missing helper scripts are added and reviewed. Check or delete ~/.openclaw/workspace/memory/predict when you no longer want retained forecast records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill performs local file read/write operations but does not declare permissions, which undermines transparency and consent around data access. Even though the storage is described as local and related to the skill’s function, undeclared capabilities can lead to unexpected persistence of sensitive forecasting inputs and outputs.

Tp4

High
Category
MCP Tool Poisoning
Confidence
81% confidence
Finding
The skill description focuses on prediction functionality but does not clearly disclose that it writes forecast metadata to persistent local storage. This mismatch can mislead users about data handling, especially when forecasts and risk assessments may contain sensitive business or personal information.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill advertises prediction and forecasting capabilities, but the implementation only prints a generic checklist and stores user-supplied metadata. This creates a deceptive capability gap: users or downstream agents may rely on outputs as if they were evidence-based forecasts, leading to incorrect operational, financial, or safety decisions despite no real analysis being performed.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The module docstring explicitly claims the script forecasts trends, but the code does not perform any forecasting. Misleading documentation increases the chance that users, auditors, or orchestration systems will overtrust the tool and treat placeholder output as analytical evidence.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.