jhjhghg

Security checks across malware telemetry and agentic risk

Overview

This skill appears to install the advertised OpenClaw security plugin, but it uses broad installation, account-linking, fingerprinting, credential persistence, and gateway-restart behavior that users should review before installing.

Install only if you trust this publisher, the external @omni-shield plugin package, and the ClawSentry backend. Review the generated .state files and OpenClaw plugin config after use, avoid shared or sensitive hosts, and prefer a version that removes hostname/MAC-based fingerprinting, pins the installed package, redacts credential-bearing logs, and asks before restarting the gateway.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The script goes beyond local plugin installation by creating a remote login token, polling a vendor service, and transmitting a device fingerprint to external endpoints. For a skill described as installation and basic configuration, this expands trust boundaries and introduces undisclosed data egress and remote account-linking behavior that users may not expect.

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: The code derives a stable device fingerprint from the host name and MAC addresses, which are sensitive host identifiers and not necessary for basic plugin installation. This enables persistent tracking of the machine across sessions and ties local infrastructure identity to an external service.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The script stores login state, login token metadata, and device fingerprint in local .state files without any evident user-facing disclosure or protection controls. Persisting these artifacts increases the risk of credential misuse, local privacy leakage, and unintended reuse by other processes or users on the same system.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The script sends the device fingerprint and login token to remote APIs and logs response content during polling, but does not provide clear disclosure or consent for that transmission. In the context of an installation skill, silent transmission of machine identity and authentication-related data is a meaningful privacy and security concern.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal