vlm-grounding

Security checks across malware telemetry and agentic risk

Overview

The image-grounding skill is plausible, but it ships an unrelated captured API/chat log containing user image data and internal OpenClaw context.

Review or remove ssssss.json before installing. Use this skill only with a trusted GLM/VLM endpoint, avoid sensitive images unless that endpoint is acceptable, and ask the publisher to ship a minimal package with declared config paths and the required helper modules.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Rogue AgentSelf-Modification, Session Persistence
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger

Findings (22)

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The manifest says this skill should use multimodal grounding to detect and locate objects/text in images. In the captured conversation, the assistant later admits the coordinates were visually estimated by itself and '不是模型返回的结构化数据', which contradicts the claimed grounding behavior and means the skill is effectively doing informal visual guessing instead of actual grounding output.

Intent-Code Divergence

High

Confidence: 96% confidence
Finding: The file contains an active contradiction in intent/documentation: earlier responses present bounding boxes as if they are grounding outputs, but later the assistant explicitly says '是我自己根据图片目测估算的，不是模型返回的结构化数据' and also says it did not manually construct a grounding prompt. That is not merely incomplete documentation; it directly contradicts the implied intent of a grounding skill.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The manifest says to activate when the user asks to "find, locate, detect" objects or text in an image, which is broad natural language and not constrained by explicit exclusion conditions. Although image context is mentioned, the trigger specification still lacks clear boundaries or negative examples, increasing the risk of unintended invocation for ordinary image-related requests.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The workflow and examples document an HTTP API call that includes `images=[image_path]`, meaning user-provided image data is transmitted to a model service. The markdown explains how to perform the call, but it does not warn users that images may leave the local process or internal environment, which is a relevant privacy and data-handling disclosure.

Natural-Language Policy Violations

Medium

Confidence: 88% confidence
Finding: Nearly all user-facing documentation and prompt examples are written in Chinese, including the title and usage instructions, with no indication that users may interact in other languages or that Chinese is a justified requirement. Under the policy, forcing a specific language without opt-in can be a natural-language policy violation.

Natural-Language Policy Violations

Medium

Confidence: 89% confidence
Finding: The JSON log contains multiple natural-language identity and instruction strings that prescribe Chinese output, including the assistant identity and user-profile content written only in Chinese, plus Chinese-facing operational instructions embedded in the conversation. Under the stated policy, forcing a specific language or locale without opt-in is a policy violation unless the skill explicitly offers language choice or documents a justified locale constraint, which this file does not.

Self-Modification

High

Category: Rogue Agent
Content: {"id": 1, "timestamp": 1773679810.3415484, "time_str": "2026-03-16 16:50:10", "session": "72766bada31e_20260316_165010", "method": "POST", "path": "/v1/chat/completions", "streaming": true, "request_headers": {"host": "127.0.0.1:5213", "connection": "keep-alive", "Accept": "application/json", "User-Agent": "OpenAI/JS 6.26.0", "X-Stainless-Retry-Count": "0", "X-Stainless-Lang": "js", "X-Stainless-Package-Version": "6.26.0", "X-Stainless-OS": "Linux", "X-Stainless-Arch": "x64", "X-Stainless-Runtime": "node", "X-Stainless-Runtime-Version": "v22.22.1", "authorization": "Bearer idonthaveakey", "content-type": "application/json", "accept-language": "*", "sec-fetch-mode": "cors", "accept-encoding": "gzip, deflate", "content-length": "296734"}, "request_body": {"model": "GLM-4.7V-355B-SFT-20260315", "messages": [{"role": "system", "content": "You are a personal assistant running inside OpenClaw.\n## Tooling\nTool availability (filtered by policy):\nTool names are case-sensitive. Call tools exactly as listed.\n- read: Read file contents\n- write: Create or overwrite files\n- edit: Make precise edits to files\n- exec: Run shell commands (pty available for TTY-required CLIs)\n- process: Manage background exec sessions\n- web_search: Search the web (Brave API)\n- web_fetch: Fetch and extract readable content from a URL\n- sessions_list: List other sessions (incl. sub-agents) with filters/last\n- sessions_history: Fetch history for another session/sub-agent\n- sessions_send: Send a message to another session/sub-agent\n- subagents: List, steer, or kill sub-agent runs for this requester session\n- session_status: Show a /status-equivalent status card (usage + time + Reasoning/Verbose/Elevated); use for model-use questions (📊 session_status); optional per-session model override\n- memory_get: Safe snippet read from MEMORY.md or memory/*.md with optional from/lines; use after memory_search to pull only the needed lines and keep context small.\n- memory_search: Mandatory recall ste ...[truncated 28 chars]
Confidence: 85% confidence
Finding: update skill

Self-Modification

High

Category: Rogue Agent
Content: {"id": 1, "timestamp": 1773679810.3415484, "time_str": "2026-03-16 16:50:10", "session": "72766bada31e_20260316_165010", "method": "POST", "path": "/v1/chat/completions", "streaming": true, "request_headers": {"host": "127.0.0.1:5213", "connection": "keep-alive", "Accept": "application/json", "User-Agent": "OpenAI/JS 6.26.0", "X-Stainless-Retry-Count": "0", "X-Stainless-Lang": "js", "X-Stainless-Package-Version": "6.26.0", "X-Stainless-OS": "Linux", "X-Stainless-Arch": "x64", "X-Stainless-Runtime": "node", "X-Stainless-Runtime-Version": "v22.22.1", "authorization": "Bearer idonthaveakey", "content-type": "application/json", "accept-language": "*", "sec-fetch-mode": "cors", "accept-encoding": "gzip, deflate", "content-length": "296734"}, "request_body": {"model": "GLM-4.7V-355B-SFT-20260315", "messages": [{"role": "system", "content": "You are a personal assistant running inside OpenClaw.\n## Tooling\nTool availability (filtered by policy):\nTool names are case-sensitive. Call tools exactly as listed.\n- read: Read file contents\n- write: Create or overwrite files\n- edit: Make precise edits to files\n- exec: Run shell commands (pty available for TTY-required CLIs)\n- process: Manage background exec sessions\n- web_search: Search the web (Brave API)\n- web_fetch: Fetch and extract readable content from a URL\n- sessions_list: List other sessions (incl. sub-agents) with filters/last\n- sessions_history: Fetch history for another session/sub-agent\n- sessions_send: Send a message to another session/sub-agent\n- subagents: List, steer, or kill sub-agent runs for this requester session\n- session_status: Show a /status-equivalent status card (usage + time + Reasoning/Verbose/Elevated); use for model-use questions (📊 session_status); optional per-session model override\n- memory_get: Safe snippet read from MEMORY.md or memory/*.md with optional from/lines; use after memory_search to pull only the needed lines and keep context small.\n- memory_search: Mandatory recall ste ...[truncated 28 chars]
Confidence: 85% confidence
Finding: update skill

Session Persistence

Medium

Category: Rogue Agent
Content: {"id": 1, "timestamp": 1773679810.3415484, "time_str": "2026-03-16 16:50:10", "session": "72766bada31e_20260316_165010", "method": "POST", "path": "/v1/chat/completions", "streaming": true, "request_headers": {"host": "127.0.0.1:5213", "connection": "keep-alive", "Accept": "application/json", "User-Agent": "OpenAI/JS 6.26.0", "X-Stainless-Retry-Count": "0", "X-Stainless-Lang": "js", "X-Stainless-Package-Version": "6.26.0", "X-Stainless-OS": "Linux", "X-Stainless-Arch": "x64", "X-Stainless-Runtime": "node", "X-Stainless-Runtime-Version": "v22.22.1", "authorization": "Bearer idonthaveakey", "content-type": "application/json", "accept-language": "*", "sec-fetch-mode": "cors", "accept-encoding": "gzip, deflate", "content-length": "296734"}, "request_body": {"model": "GLM-4.7V-355B-SFT-20260315", "messages": [{"role": "system", "content": "You are a personal assistant running inside OpenClaw.\n## Tooling\nTool availability (filtered by policy):\nTool names are case-sensitive. Call tools exactly as listed.\n- read: Read file contents\n- write: Create or overwrite files\n- edit: Make precise edits to files\n- exec: Run shell commands (pty available for TTY-required CLIs)\n- process: Manage background exec sessions\n- web_search: Search the web (Brave API)\n- web_fetch: Fetch and extract readable content from a URL\n- sessions_list: List other sessions (incl. sub-agents) with filters/last\n- sessions_history: Fetch history for another session/sub-agent\n- sessions_send: Send a message to another session/sub-agent\n- subagents: List, steer, or kill sub-agent runs for this requester session\n- session_status: Show a /status-equivalent status card (usage + time + Reasoning/Verbose/Elevated); use for model-use questions (📊 session_status); optional per-session model override\n- memory_get: Safe snippet read from MEMORY.md or memory/*.md with optional from/lines; use after memory_search to pull only the needed lines and keep context small.\n- memory_search: Mandatory recall ste ...[truncated 28 chars]
Confidence: 60% confidence
Finding: write operations. Activate when user mentions Feishu docs, cloud docs, or docx links.\n</description>\n <location>/workspace/openclaw/openclaw-zhangjuzheng/extensions/feishu/skills/feishu-doc/SKILL

Session Persistence

Medium

Category: Rogue Agent
Content: {"id": 1, "timestamp": 1773679810.3415484, "time_str": "2026-03-16 16:50:10", "session": "72766bada31e_20260316_165010", "method": "POST", "path": "/v1/chat/completions", "streaming": true, "request_headers": {"host": "127.0.0.1:5213", "connection": "keep-alive", "Accept": "application/json", "User-Agent": "OpenAI/JS 6.26.0", "X-Stainless-Retry-Count": "0", "X-Stainless-Lang": "js", "X-Stainless-Package-Version": "6.26.0", "X-Stainless-OS": "Linux", "X-Stainless-Arch": "x64", "X-Stainless-Runtime": "node", "X-Stainless-Runtime-Version": "v22.22.1", "authorization": "Bearer idonthaveakey", "content-type": "application/json", "accept-language": "*", "sec-fetch-mode": "cors", "accept-encoding": "gzip, deflate", "content-length": "296734"}, "request_body": {"model": "GLM-4.7V-355B-SFT-20260315", "messages": [{"role": "system", "content": "You are a personal assistant running inside OpenClaw.\n## Tooling\nTool availability (filtered by policy):\nTool names are case-sensitive. Call tools exactly as listed.\n- read: Read file contents\n- write: Create or overwrite files\n- edit: Make precise edits to files\n- exec: Run shell commands (pty available for TTY-required CLIs)\n- process: Manage background exec sessions\n- web_search: Search the web (Brave API)\n- web_fetch: Fetch and extract readable content from a URL\n- sessions_list: List other sessions (incl. sub-agents) with filters/last\n- sessions_history: Fetch history for another session/sub-agent\n- sessions_send: Send a message to another session/sub-agent\n- subagents: List, steer, or kill sub-agent runs for this requester session\n- session_status: Show a /status-equivalent status card (usage + time + Reasoning/Verbose/Elevated); use for model-use questions (📊 session_status); optional per-session model override\n- memory_get: Safe snippet read from MEMORY.md or memory/*.md with optional from/lines; use after memory_search to pull only the needed lines and keep context small.\n- memory_search: Mandatory recall ste ...[truncated 28 chars]
Confidence: 60% confidence
Finding: write for write", "type": "string"}, "keys": {"description": "Key tokens to send for send-keys", "type": "array", "items": {"type": "string"}}, "hex": {"description": "Hex bytes to send for send-keys"

Session Persistence

Medium

Category: Rogue Agent
Content: {"id": 1, "timestamp": 1773679810.3415484, "time_str": "2026-03-16 16:50:10", "session": "72766bada31e_20260316_165010", "method": "POST", "path": "/v1/chat/completions", "streaming": true, "request_headers": {"host": "127.0.0.1:5213", "connection": "keep-alive", "Accept": "application/json", "User-Agent": "OpenAI/JS 6.26.0", "X-Stainless-Retry-Count": "0", "X-Stainless-Lang": "js", "X-Stainless-Package-Version": "6.26.0", "X-Stainless-OS": "Linux", "X-Stainless-Arch": "x64", "X-Stainless-Runtime": "node", "X-Stainless-Runtime-Version": "v22.22.1", "authorization": "Bearer idonthaveakey", "content-type": "application/json", "accept-language": "*", "sec-fetch-mode": "cors", "accept-encoding": "gzip, deflate", "content-length": "296734"}, "request_body": {"model": "GLM-4.7V-355B-SFT-20260315", "messages": [{"role": "system", "content": "You are a personal assistant running inside OpenClaw.\n## Tooling\nTool availability (filtered by policy):\nTool names are case-sensitive. Call tools exactly as listed.\n- read: Read file contents\n- write: Create or overwrite files\n- edit: Make precise edits to files\n- exec: Run shell commands (pty available for TTY-required CLIs)\n- process: Manage background exec sessions\n- web_search: Search the web (Brave API)\n- web_fetch: Fetch and extract readable content from a URL\n- sessions_list: List other sessions (incl. sub-agents) with filters/last\n- sessions_history: Fetch history for another session/sub-agent\n- sessions_send: Send a message to another session/sub-agent\n- subagents: List, steer, or kill sub-agent runs for this requester session\n- session_status: Show a /status-equivalent status card (usage + time + Reasoning/Verbose/Elevated); use for model-use questions (📊 session_status); optional per-session model override\n- memory_get: Safe snippet read from MEMORY.md or memory/*.md with optional from/lines; use after memory_search to pull only the needed lines and keep context small.\n- memory_search: Mandatory recall ste ...[truncated 28 chars]
Confidence: 60% confidence
Finding: write operations. Activate when user mentions Feishu docs, cloud docs, or docx links.\\n</description>\\n <location>/workspace/openclaw/openclaw-zhangjuzheng/extensions/feishu/skills/feishu-doc/SKI

Session Persistence

Medium

Category: Rogue Agent
Content: {"id": 1, "timestamp": 1773679810.3415484, "time_str": "2026-03-16 16:50:10", "session": "72766bada31e_20260316_165010", "method": "POST", "path": "/v1/chat/completions", "streaming": true, "request_headers": {"host": "127.0.0.1:5213", "connection": "keep-alive", "Accept": "application/json", "User-Agent": "OpenAI/JS 6.26.0", "X-Stainless-Retry-Count": "0", "X-Stainless-Lang": "js", "X-Stainless-Package-Version": "6.26.0", "X-Stainless-OS": "Linux", "X-Stainless-Arch": "x64", "X-Stainless-Runtime": "node", "X-Stainless-Runtime-Version": "v22.22.1", "authorization": "Bearer idonthaveakey", "content-type": "application/json", "accept-language": "*", "sec-fetch-mode": "cors", "accept-encoding": "gzip, deflate", "content-length": "296734"}, "request_body": {"model": "GLM-4.7V-355B-SFT-20260315", "messages": [{"role": "system", "content": "You are a personal assistant running inside OpenClaw.\n## Tooling\nTool availability (filtered by policy):\nTool names are case-sensitive. Call tools exactly as listed.\n- read: Read file contents\n- write: Create or overwrite files\n- edit: Make precise edits to files\n- exec: Run shell commands (pty available for TTY-required CLIs)\n- process: Manage background exec sessions\n- web_search: Search the web (Brave API)\n- web_fetch: Fetch and extract readable content from a URL\n- sessions_list: List other sessions (incl. sub-agents) with filters/last\n- sessions_history: Fetch history for another session/sub-agent\n- sessions_send: Send a message to another session/sub-agent\n- subagents: List, steer, or kill sub-agent runs for this requester session\n- session_status: Show a /status-equivalent status card (usage + time + Reasoning/Verbose/Elevated); use for model-use questions (📊 session_status); optional per-session model override\n- memory_get: Safe snippet read from MEMORY.md or memory/*.md with optional from/lines; use after memory_search to pull only the needed lines and keep context small.\n- memory_search: Mandatory recall ste ...[truncated 28 chars]
Confidence: 60% confidence
Finding: write for write\",\"type\":\"string\"},\"keys\":{\"description\":\"Key tokens to send for send-keys\",\"type\":\"array\",\"items\":{\"type\":\"string\"}},\"hex\":{\"description\":\"Hex bytes to send f

Tool Parameter Abuse

High

Category: Tool Misuse
Content: {"id": 1, "timestamp": 1773679810.3415484, "time_str": "2026-03-16 16:50:10", "session": "72766bada31e_20260316_165010", "method": "POST", "path": "/v1/chat/completions", "streaming": true, "request_headers": {"host": "127.0.0.1:5213", "connection": "keep-alive", "Accept": "application/json", "User-Agent": "OpenAI/JS 6.26.0", "X-Stainless-Retry-Count": "0", "X-Stainless-Lang": "js", "X-Stainless-Package-Version": "6.26.0", "X-Stainless-OS": "Linux", "X-Stainless-Arch": "x64", "X-Stainless-Runtime": "node", "X-Stainless-Runtime-Version": "v22.22.1", "authorization": "Bearer idonthaveakey", "content-type": "application/json", "accept-language": "*", "sec-fetch-mode": "cors", "accept-encoding": "gzip, deflate", "content-length": "296734"}, "request_body": {"model": "GLM-4.7V-355B-SFT-20260315", "messages": [{"role": "system", "content": "You are a personal assistant running inside OpenClaw.\n## Tooling\nTool availability (filtered by policy):\nTool names are case-sensitive. Call tools exactly as listed.\n- read: Read file contents\n- write: Create or overwrite files\n- edit: Make precise edits to files\n- exec: Run shell commands (pty available for TTY-required CLIs)\n- process: Manage background exec sessions\n- web_search: Search the web (Brave API)\n- web_fetch: Fetch and extract readable content from a URL\n- sessions_list: List other sessions (incl. sub-agents) with filters/last\n- sessions_history: Fetch history for another session/sub-agent\n- sessions_send: Send a message to another session/sub-agent\n- subagents: List, steer, or kill sub-agent runs for this requester session\n- session_status: Show a /status-equivalent status card (usage + time + Reasoning/Verbose/Elevated); use for model-use questions (📊 session_status); optional per-session model override\n- memory_get: Safe snippet read from MEMORY.md or memory/*.md with optional from/lines; use after memory_search to pull only the needed lines and keep context small.\n- memory_search: Mandatory recall ste ...[truncated 28 chars]
Confidence: 85% confidence
Finding: rM1DMeQZGAHfbWmGKbocHemmJJON3/

Tool Parameter Abuse

High

Category: Tool Misuse
Content: {"id": 1, "timestamp": 1773679810.3415484, "time_str": "2026-03-16 16:50:10", "session": "72766bada31e_20260316_165010", "method": "POST", "path": "/v1/chat/completions", "streaming": true, "request_headers": {"host": "127.0.0.1:5213", "connection": "keep-alive", "Accept": "application/json", "User-Agent": "OpenAI/JS 6.26.0", "X-Stainless-Retry-Count": "0", "X-Stainless-Lang": "js", "X-Stainless-Package-Version": "6.26.0", "X-Stainless-OS": "Linux", "X-Stainless-Arch": "x64", "X-Stainless-Runtime": "node", "X-Stainless-Runtime-Version": "v22.22.1", "authorization": "Bearer idonthaveakey", "content-type": "application/json", "accept-language": "*", "sec-fetch-mode": "cors", "accept-encoding": "gzip, deflate", "content-length": "296734"}, "request_body": {"model": "GLM-4.7V-355B-SFT-20260315", "messages": [{"role": "system", "content": "You are a personal assistant running inside OpenClaw.\n## Tooling\nTool availability (filtered by policy):\nTool names are case-sensitive. Call tools exactly as listed.\n- read: Read file contents\n- write: Create or overwrite files\n- edit: Make precise edits to files\n- exec: Run shell commands (pty available for TTY-required CLIs)\n- process: Manage background exec sessions\n- web_search: Search the web (Brave API)\n- web_fetch: Fetch and extract readable content from a URL\n- sessions_list: List other sessions (incl. sub-agents) with filters/last\n- sessions_history: Fetch history for another session/sub-agent\n- sessions_send: Send a message to another session/sub-agent\n- subagents: List, steer, or kill sub-agent runs for this requester session\n- session_status: Show a /status-equivalent status card (usage + time + Reasoning/Verbose/Elevated); use for model-use questions (📊 session_status); optional per-session model override\n- memory_get: Safe snippet read from MEMORY.md or memory/*.md with optional from/lines; use after memory_search to pull only the needed lines and keep context small.\n- memory_search: Mandatory recall ste ...[truncated 28 chars]
Confidence: 85% confidence
Finding: RmXDA0Ori4rRp/

Tool Parameter Abuse

High

Category: Tool Misuse
Content: {"id": 1, "timestamp": 1773679810.3415484, "time_str": "2026-03-16 16:50:10", "session": "72766bada31e_20260316_165010", "method": "POST", "path": "/v1/chat/completions", "streaming": true, "request_headers": {"host": "127.0.0.1:5213", "connection": "keep-alive", "Accept": "application/json", "User-Agent": "OpenAI/JS 6.26.0", "X-Stainless-Retry-Count": "0", "X-Stainless-Lang": "js", "X-Stainless-Package-Version": "6.26.0", "X-Stainless-OS": "Linux", "X-Stainless-Arch": "x64", "X-Stainless-Runtime": "node", "X-Stainless-Runtime-Version": "v22.22.1", "authorization": "Bearer idonthaveakey", "content-type": "application/json", "accept-language": "*", "sec-fetch-mode": "cors", "accept-encoding": "gzip, deflate", "content-length": "296734"}, "request_body": {"model": "GLM-4.7V-355B-SFT-20260315", "messages": [{"role": "system", "content": "You are a personal assistant running inside OpenClaw.\n## Tooling\nTool availability (filtered by policy):\nTool names are case-sensitive. Call tools exactly as listed.\n- read: Read file contents\n- write: Create or overwrite files\n- edit: Make precise edits to files\n- exec: Run shell commands (pty available for TTY-required CLIs)\n- process: Manage background exec sessions\n- web_search: Search the web (Brave API)\n- web_fetch: Fetch and extract readable content from a URL\n- sessions_list: List other sessions (incl. sub-agents) with filters/last\n- sessions_history: Fetch history for another session/sub-agent\n- sessions_send: Send a message to another session/sub-agent\n- subagents: List, steer, or kill sub-agent runs for this requester session\n- session_status: Show a /status-equivalent status card (usage + time + Reasoning/Verbose/Elevated); use for model-use questions (📊 session_status); optional per-session model override\n- memory_get: Safe snippet read from MEMORY.md or memory/*.md with optional from/lines; use after memory_search to pull only the needed lines and keep context small.\n- memory_search: Mandatory recall ste ...[truncated 28 chars]
Confidence: 85% confidence
Finding: rMND0QK8l1UvGbOUxopVfkQCKxFexgDjGJ2mAPghetxoopwEu3c1mUXFQYLlha7/

Tool Parameter Abuse

High

Category: Tool Misuse
Content: {"id": 1, "timestamp": 1773679810.3415484, "time_str": "2026-03-16 16:50:10", "session": "72766bada31e_20260316_165010", "method": "POST", "path": "/v1/chat/completions", "streaming": true, "request_headers": {"host": "127.0.0.1:5213", "connection": "keep-alive", "Accept": "application/json", "User-Agent": "OpenAI/JS 6.26.0", "X-Stainless-Retry-Count": "0", "X-Stainless-Lang": "js", "X-Stainless-Package-Version": "6.26.0", "X-Stainless-OS": "Linux", "X-Stainless-Arch": "x64", "X-Stainless-Runtime": "node", "X-Stainless-Runtime-Version": "v22.22.1", "authorization": "Bearer idonthaveakey", "content-type": "application/json", "accept-language": "*", "sec-fetch-mode": "cors", "accept-encoding": "gzip, deflate", "content-length": "296734"}, "request_body": {"model": "GLM-4.7V-355B-SFT-20260315", "messages": [{"role": "system", "content": "You are a personal assistant running inside OpenClaw.\n## Tooling\nTool availability (filtered by policy):\nTool names are case-sensitive. Call tools exactly as listed.\n- read: Read file contents\n- write: Create or overwrite files\n- edit: Make precise edits to files\n- exec: Run shell commands (pty available for TTY-required CLIs)\n- process: Manage background exec sessions\n- web_search: Search the web (Brave API)\n- web_fetch: Fetch and extract readable content from a URL\n- sessions_list: List other sessions (incl. sub-agents) with filters/last\n- sessions_history: Fetch history for another session/sub-agent\n- sessions_send: Send a message to another session/sub-agent\n- subagents: List, steer, or kill sub-agent runs for this requester session\n- session_status: Show a /status-equivalent status card (usage + time + Reasoning/Verbose/Elevated); use for model-use questions (📊 session_status); optional per-session model override\n- memory_get: Safe snippet read from MEMORY.md or memory/*.md with optional from/lines; use after memory_search to pull only the needed lines and keep context small.\n- memory_search: Mandatory recall ste ...[truncated 28 chars]
Confidence: 85% confidence
Finding: RM+hPBiuB8hnmj6E9vftniuBVVLhYEUc8xeQbKl9hGg8mIemS7IbL+6iCGjc0zg6Dqx6p/

Tool Parameter Abuse

High

Category: Tool Misuse
Content: {"id": 1, "timestamp": 1773679810.3415484, "time_str": "2026-03-16 16:50:10", "session": "72766bada31e_20260316_165010", "method": "POST", "path": "/v1/chat/completions", "streaming": true, "request_headers": {"host": "127.0.0.1:5213", "connection": "keep-alive", "Accept": "application/json", "User-Agent": "OpenAI/JS 6.26.0", "X-Stainless-Retry-Count": "0", "X-Stainless-Lang": "js", "X-Stainless-Package-Version": "6.26.0", "X-Stainless-OS": "Linux", "X-Stainless-Arch": "x64", "X-Stainless-Runtime": "node", "X-Stainless-Runtime-Version": "v22.22.1", "authorization": "Bearer idonthaveakey", "content-type": "application/json", "accept-language": "*", "sec-fetch-mode": "cors", "accept-encoding": "gzip, deflate", "content-length": "296734"}, "request_body": {"model": "GLM-4.7V-355B-SFT-20260315", "messages": [{"role": "system", "content": "You are a personal assistant running inside OpenClaw.\n## Tooling\nTool availability (filtered by policy):\nTool names are case-sensitive. Call tools exactly as listed.\n- read: Read file contents\n- write: Create or overwrite files\n- edit: Make precise edits to files\n- exec: Run shell commands (pty available for TTY-required CLIs)\n- process: Manage background exec sessions\n- web_search: Search the web (Brave API)\n- web_fetch: Fetch and extract readable content from a URL\n- sessions_list: List other sessions (incl. sub-agents) with filters/last\n- sessions_history: Fetch history for another session/sub-agent\n- sessions_send: Send a message to another session/sub-agent\n- subagents: List, steer, or kill sub-agent runs for this requester session\n- session_status: Show a /status-equivalent status card (usage + time + Reasoning/Verbose/Elevated); use for model-use questions (📊 session_status); optional per-session model override\n- memory_get: Safe snippet read from MEMORY.md or memory/*.md with optional from/lines; use after memory_search to pull only the needed lines and keep context small.\n- memory_search: Mandatory recall ste ...[truncated 28 chars]
Confidence: 85% confidence
Finding: RmHvcFsaoGkLAfUGoRZpyhE5qecTNUImB90qyieYJd0Wyq6WWxRYcAjYdMna/fEM2wbNr8/

Tool Parameter Abuse

High

Category: Tool Misuse
Content: {"id": 1, "timestamp": 1773679810.3415484, "time_str": "2026-03-16 16:50:10", "session": "72766bada31e_20260316_165010", "method": "POST", "path": "/v1/chat/completions", "streaming": true, "request_headers": {"host": "127.0.0.1:5213", "connection": "keep-alive", "Accept": "application/json", "User-Agent": "OpenAI/JS 6.26.0", "X-Stainless-Retry-Count": "0", "X-Stainless-Lang": "js", "X-Stainless-Package-Version": "6.26.0", "X-Stainless-OS": "Linux", "X-Stainless-Arch": "x64", "X-Stainless-Runtime": "node", "X-Stainless-Runtime-Version": "v22.22.1", "authorization": "Bearer idonthaveakey", "content-type": "application/json", "accept-language": "*", "sec-fetch-mode": "cors", "accept-encoding": "gzip, deflate", "content-length": "296734"}, "request_body": {"model": "GLM-4.7V-355B-SFT-20260315", "messages": [{"role": "system", "content": "You are a personal assistant running inside OpenClaw.\n## Tooling\nTool availability (filtered by policy):\nTool names are case-sensitive. Call tools exactly as listed.\n- read: Read file contents\n- write: Create or overwrite files\n- edit: Make precise edits to files\n- exec: Run shell commands (pty available for TTY-required CLIs)\n- process: Manage background exec sessions\n- web_search: Search the web (Brave API)\n- web_fetch: Fetch and extract readable content from a URL\n- sessions_list: List other sessions (incl. sub-agents) with filters/last\n- sessions_history: Fetch history for another session/sub-agent\n- sessions_send: Send a message to another session/sub-agent\n- subagents: List, steer, or kill sub-agent runs for this requester session\n- session_status: Show a /status-equivalent status card (usage + time + Reasoning/Verbose/Elevated); use for model-use questions (📊 session_status); optional per-session model override\n- memory_get: Safe snippet read from MEMORY.md or memory/*.md with optional from/lines; use after memory_search to pull only the needed lines and keep context small.\n- memory_search: Mandatory recall ste ...[truncated 28 chars]
Confidence: 85% confidence
Finding: rM1DMeQZGAHfbWmGKbocHemmJJON3/

Tool Parameter Abuse

High

Category: Tool Misuse
Content: {"id": 1, "timestamp": 1773679810.3415484, "time_str": "2026-03-16 16:50:10", "session": "72766bada31e_20260316_165010", "method": "POST", "path": "/v1/chat/completions", "streaming": true, "request_headers": {"host": "127.0.0.1:5213", "connection": "keep-alive", "Accept": "application/json", "User-Agent": "OpenAI/JS 6.26.0", "X-Stainless-Retry-Count": "0", "X-Stainless-Lang": "js", "X-Stainless-Package-Version": "6.26.0", "X-Stainless-OS": "Linux", "X-Stainless-Arch": "x64", "X-Stainless-Runtime": "node", "X-Stainless-Runtime-Version": "v22.22.1", "authorization": "Bearer idonthaveakey", "content-type": "application/json", "accept-language": "*", "sec-fetch-mode": "cors", "accept-encoding": "gzip, deflate", "content-length": "296734"}, "request_body": {"model": "GLM-4.7V-355B-SFT-20260315", "messages": [{"role": "system", "content": "You are a personal assistant running inside OpenClaw.\n## Tooling\nTool availability (filtered by policy):\nTool names are case-sensitive. Call tools exactly as listed.\n- read: Read file contents\n- write: Create or overwrite files\n- edit: Make precise edits to files\n- exec: Run shell commands (pty available for TTY-required CLIs)\n- process: Manage background exec sessions\n- web_search: Search the web (Brave API)\n- web_fetch: Fetch and extract readable content from a URL\n- sessions_list: List other sessions (incl. sub-agents) with filters/last\n- sessions_history: Fetch history for another session/sub-agent\n- sessions_send: Send a message to another session/sub-agent\n- subagents: List, steer, or kill sub-agent runs for this requester session\n- session_status: Show a /status-equivalent status card (usage + time + Reasoning/Verbose/Elevated); use for model-use questions (📊 session_status); optional per-session model override\n- memory_get: Safe snippet read from MEMORY.md or memory/*.md with optional from/lines; use after memory_search to pull only the needed lines and keep context small.\n- memory_search: Mandatory recall ste ...[truncated 28 chars]
Confidence: 85% confidence
Finding: RmXDA0Ori4rRp/

Tool Parameter Abuse

High

Category: Tool Misuse
Content: {"id": 1, "timestamp": 1773679810.3415484, "time_str": "2026-03-16 16:50:10", "session": "72766bada31e_20260316_165010", "method": "POST", "path": "/v1/chat/completions", "streaming": true, "request_headers": {"host": "127.0.0.1:5213", "connection": "keep-alive", "Accept": "application/json", "User-Agent": "OpenAI/JS 6.26.0", "X-Stainless-Retry-Count": "0", "X-Stainless-Lang": "js", "X-Stainless-Package-Version": "6.26.0", "X-Stainless-OS": "Linux", "X-Stainless-Arch": "x64", "X-Stainless-Runtime": "node", "X-Stainless-Runtime-Version": "v22.22.1", "authorization": "Bearer idonthaveakey", "content-type": "application/json", "accept-language": "*", "sec-fetch-mode": "cors", "accept-encoding": "gzip, deflate", "content-length": "296734"}, "request_body": {"model": "GLM-4.7V-355B-SFT-20260315", "messages": [{"role": "system", "content": "You are a personal assistant running inside OpenClaw.\n## Tooling\nTool availability (filtered by policy):\nTool names are case-sensitive. Call tools exactly as listed.\n- read: Read file contents\n- write: Create or overwrite files\n- edit: Make precise edits to files\n- exec: Run shell commands (pty available for TTY-required CLIs)\n- process: Manage background exec sessions\n- web_search: Search the web (Brave API)\n- web_fetch: Fetch and extract readable content from a URL\n- sessions_list: List other sessions (incl. sub-agents) with filters/last\n- sessions_history: Fetch history for another session/sub-agent\n- sessions_send: Send a message to another session/sub-agent\n- subagents: List, steer, or kill sub-agent runs for this requester session\n- session_status: Show a /status-equivalent status card (usage + time + Reasoning/Verbose/Elevated); use for model-use questions (📊 session_status); optional per-session model override\n- memory_get: Safe snippet read from MEMORY.md or memory/*.md with optional from/lines; use after memory_search to pull only the needed lines and keep context small.\n- memory_search: Mandatory recall ste ...[truncated 28 chars]
Confidence: 85% confidence
Finding: rMND0QK8l1UvGbOUxopVfkQCKxFexgDjGJ2mAPghetxoopwEu3c1mUXFQYLlha7/

Tool Parameter Abuse

High

Category: Tool Misuse
Content: {"id": 1, "timestamp": 1773679810.3415484, "time_str": "2026-03-16 16:50:10", "session": "72766bada31e_20260316_165010", "method": "POST", "path": "/v1/chat/completions", "streaming": true, "request_headers": {"host": "127.0.0.1:5213", "connection": "keep-alive", "Accept": "application/json", "User-Agent": "OpenAI/JS 6.26.0", "X-Stainless-Retry-Count": "0", "X-Stainless-Lang": "js", "X-Stainless-Package-Version": "6.26.0", "X-Stainless-OS": "Linux", "X-Stainless-Arch": "x64", "X-Stainless-Runtime": "node", "X-Stainless-Runtime-Version": "v22.22.1", "authorization": "Bearer idonthaveakey", "content-type": "application/json", "accept-language": "*", "sec-fetch-mode": "cors", "accept-encoding": "gzip, deflate", "content-length": "296734"}, "request_body": {"model": "GLM-4.7V-355B-SFT-20260315", "messages": [{"role": "system", "content": "You are a personal assistant running inside OpenClaw.\n## Tooling\nTool availability (filtered by policy):\nTool names are case-sensitive. Call tools exactly as listed.\n- read: Read file contents\n- write: Create or overwrite files\n- edit: Make precise edits to files\n- exec: Run shell commands (pty available for TTY-required CLIs)\n- process: Manage background exec sessions\n- web_search: Search the web (Brave API)\n- web_fetch: Fetch and extract readable content from a URL\n- sessions_list: List other sessions (incl. sub-agents) with filters/last\n- sessions_history: Fetch history for another session/sub-agent\n- sessions_send: Send a message to another session/sub-agent\n- subagents: List, steer, or kill sub-agent runs for this requester session\n- session_status: Show a /status-equivalent status card (usage + time + Reasoning/Verbose/Elevated); use for model-use questions (📊 session_status); optional per-session model override\n- memory_get: Safe snippet read from MEMORY.md or memory/*.md with optional from/lines; use after memory_search to pull only the needed lines and keep context small.\n- memory_search: Mandatory recall ste ...[truncated 28 chars]
Confidence: 85% confidence
Finding: RM+hPBiuB8hnmj6E9vftniuBVVLhYEUc8xeQbKl9hGg8mIemS7IbL+6iCGjc0zg6Dqx6p/

Tool Parameter Abuse

High

Category: Tool Misuse
Content: {"id": 1, "timestamp": 1773679810.3415484, "time_str": "2026-03-16 16:50:10", "session": "72766bada31e_20260316_165010", "method": "POST", "path": "/v1/chat/completions", "streaming": true, "request_headers": {"host": "127.0.0.1:5213", "connection": "keep-alive", "Accept": "application/json", "User-Agent": "OpenAI/JS 6.26.0", "X-Stainless-Retry-Count": "0", "X-Stainless-Lang": "js", "X-Stainless-Package-Version": "6.26.0", "X-Stainless-OS": "Linux", "X-Stainless-Arch": "x64", "X-Stainless-Runtime": "node", "X-Stainless-Runtime-Version": "v22.22.1", "authorization": "Bearer idonthaveakey", "content-type": "application/json", "accept-language": "*", "sec-fetch-mode": "cors", "accept-encoding": "gzip, deflate", "content-length": "296734"}, "request_body": {"model": "GLM-4.7V-355B-SFT-20260315", "messages": [{"role": "system", "content": "You are a personal assistant running inside OpenClaw.\n## Tooling\nTool availability (filtered by policy):\nTool names are case-sensitive. Call tools exactly as listed.\n- read: Read file contents\n- write: Create or overwrite files\n- edit: Make precise edits to files\n- exec: Run shell commands (pty available for TTY-required CLIs)\n- process: Manage background exec sessions\n- web_search: Search the web (Brave API)\n- web_fetch: Fetch and extract readable content from a URL\n- sessions_list: List other sessions (incl. sub-agents) with filters/last\n- sessions_history: Fetch history for another session/sub-agent\n- sessions_send: Send a message to another session/sub-agent\n- subagents: List, steer, or kill sub-agent runs for this requester session\n- session_status: Show a /status-equivalent status card (usage + time + Reasoning/Verbose/Elevated); use for model-use questions (📊 session_status); optional per-session model override\n- memory_get: Safe snippet read from MEMORY.md or memory/*.md with optional from/lines; use after memory_search to pull only the needed lines and keep context small.\n- memory_search: Mandatory recall ste ...[truncated 28 chars]
Confidence: 85% confidence
Finding: RmHvcFsaoGkLAfUGoRZpyhE5qecTNUImB90qyieYJd0Wyq6WWxRYcAjYdMna/fEM2wbNr8/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal