visual-grounding

Security checks across malware telemetry and agentic risk

Overview

The skill’s main visual-grounding instructions are coherent, but the package also includes an unrelated captured OpenClaw chat/API log with system prompts, tool definitions, headers, user conversation content, and a large base64 duplicate.

Review before installing. The visual-grounding workflow itself is understandable, but the published package should remove ssssss.json, include or pin the helper modules it imports, and clearly document the model endpoint, proxy bypass, image data flow, and any local config it expects to read.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (20)

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The manifest describes a skill whose purpose is to leverage the model's multimodal grounding capability for detection and localization. In the conversation record, the assistant later admits the returned coordinates were visually guessed by the assistant and not model-returned structured data, which means the implemented behavior does not match the claimed grounding capability.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The available skill description says this skill uses GLM-4.7V's multimodal grounding capability, which implies an actual grounding-oriented invocation. Later in the transcript, the assistant says it did not control the prompt and suggests precise grounding would require configuring the call layer, actively contradicting the intended documented behavior of the skill.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The natural-language content is entirely in Chinese, including the title, workflow, prompts, and examples, and the trigger list includes Chinese phrases without stating that language use is optional. This can violate language/locale policy when a skill implicitly requires a specific language rather than offering opt-in or documenting a justified locale restriction.

Natural-Language Policy Violations

Medium
Confidence
86% confidence
Finding
This JSON log contains multiple natural-language assistant responses and persona/config text that prescribe Chinese output and identity details in Chinese, without presenting a user language choice. Under the policy rule, forcing a specific language or locale without explicit opt-in is a reportable organizational policy violation.

Self-Modification

High
Category
Rogue Agent
Content
{"id": 1, "timestamp": 1773679810.3415484, "time_str": "2026-03-16 16:50:10", "session": "72766bada31e_20260316_165010", "method": "POST", "path": "/v1/chat/completions", "streaming": true, "request_headers": {"host": "127.0.0.1:5213", "connection": "keep-alive", "Accept": "application/json", "User-Agent": "OpenAI/JS 6.26.0", "X-Stainless-Retry-Count": "0", "X-Stainless-Lang": "js", "X-Stainless-Package-Version": "6.26.0", "X-Stainless-OS": "Linux", "X-Stainless-Arch": "x64", "X-Stainless-Runtime": "node", "X-Stainless-Runtime-Version": "v22.22.1", "authorization": "Bearer idonthaveakey", "content-type": "application/json", "accept-language": "*", "sec-fetch-mode": "cors", "accept-encoding": "gzip, deflate", "content-length": "296734"}, "request_body": {"model": "GLM-4.7V-355B-SFT-20260315", "messages": [{"role": "system", "content": "You are a personal assistant running inside OpenClaw.\n## Tooling\nTool availability (filtered by policy):\nTool names are case-sensitive. Call tools exactly as listed.\n- read: Read file contents\n- write: Create or overwrite files\n- edit: Make precise edits to files\n- exec: Run shell commands (pty available for TTY-required CLIs)\n- process: Manage background exec sessions\n- web_search: Search the web (Brave API)\n- web_fetch: Fetch and extract readable content from a URL\n- sessions_list: List other sessions (incl. sub-agents) with filters/last\n- sessions_history: Fetch history for another session/sub-agent\n- sessions_send: Send a message to another session/sub-agent\n- subagents: List, steer, or kill sub-agent runs for this requester session\n- session_status: Show a /status-equivalent status card (usage + time + Reasoning/Verbose/Elevated); use for model-use questions (📊 session_status); optional per-session model override\n- memory_get: Safe snippet read from MEMORY.md or memory/*.md with optional from/lines; use after memory_search to pull only the needed lines and keep context small.\n- memory_search: Mandatory recall ste
...[truncated 28 chars]
Confidence
85% confidence
Finding
update skill

Self-Modification

High
Category
Rogue Agent
Confidence
85% confidence
Finding
update skill

Session Persistence

Medium
Category
Rogue Agent
Confidence
60% confidence
Finding
write operations. Activate when user mentions Feishu docs, cloud docs, or docx links.\n</description>\n <location>/workspace/openclaw/openclaw-zhangjuzheng/extensions/feishu/skills/feishu-doc/SKILL

Session Persistence

Medium
Category
Rogue Agent
Confidence
60% confidence
Finding
write for write", "type": "string"}, "keys": {"description": "Key tokens to send for send-keys", "type": "array", "items": {"type": "string"}}, "hex": {"description": "Hex bytes to send for send-keys"

Session Persistence

Medium
Category
Rogue Agent
Confidence
60% confidence
Finding
write operations. Activate when user mentions Feishu docs, cloud docs, or docx links.\\n</description>\\n <location>/workspace/openclaw/openclaw-zhangjuzheng/extensions/feishu/skills/feishu-doc/SKI

Session Persistence

Medium
Category
Rogue Agent
Confidence
60% confidence
Finding
write for write\",\"type\":\"string\"},\"keys\":{\"description\":\"Key tokens to send for send-keys\",\"type\":\"array\",\"items\":{\"type\":\"string\"}},\"hex\":{\"description\":\"Hex bytes to send f

Tool Parameter Abuse

High
Category
Tool Misuse
Confidence
85% confidence
Finding
rM1DMeQZGAHfbWmGKbocHemmJJON3/

Tool Parameter Abuse

High
Category
Tool Misuse
Confidence
85% confidence
Finding
RmXDA0Ori4rRp/

Tool Parameter Abuse

High
Category
Tool Misuse
Confidence
85% confidence
Finding
rMND0QK8l1UvGbOUxopVfkQCKxFexgDjGJ2mAPghetxoopwEu3c1mUXFQYLlha7/

Tool Parameter Abuse

High
Category
Tool Misuse
Confidence
85% confidence
Finding
RM+hPBiuB8hnmj6E9vftniuBVVLhYEUc8xeQbKl9hGg8mIemS7IbL+6iCGjc0zg6Dqx6p/

Tool Parameter Abuse

High
Category
Tool Misuse
Confidence
85% confidence
Finding
RmHvcFsaoGkLAfUGoRZpyhE5qecTNUImB90qyieYJd0Wyq6WWxRYcAjYdMna/fEM2wbNr8/

Tool Parameter Abuse

High
Category
Tool Misuse
Confidence
85% confidence
Finding
rM1DMeQZGAHfbWmGKbocHemmJJON3/

Tool Parameter Abuse

High
Category
Tool Misuse
Confidence
85% confidence
Finding
RmXDA0Ori4rRp/

Tool Parameter Abuse

High
Category
Tool Misuse
Confidence
85% confidence
Finding
rMND0QK8l1UvGbOUxopVfkQCKxFexgDjGJ2mAPghetxoopwEu3c1mUXFQYLlha7/

Tool Parameter Abuse

High
Category
Tool Misuse
Confidence
85% confidence
Finding
RM+hPBiuB8hnmj6E9vftniuBVVLhYEUc8xeQbKl9hGg8mIemS7IbL+6iCGjc0zg6Dqx6p/

Tool Parameter Abuse

High
Category
Tool Misuse
Confidence
85% confidence
Finding
RmHvcFsaoGkLAfUGoRZpyhE5qecTNUImB90qyieYJd0Wyq6WWxRYcAjYdMna/fEM2wbNr8/

VirusTotal

60/60 vendors flagged this skill as clean.
