Quadral Openclaw Skill

Security checks across malware telemetry and agentic risk

Overview

This is a simple online word-puzzle skill, but it tells the agent to post results publicly without requiring user approval first.

Install only if you are comfortable with an online puzzle skill that sends guesses to the game service and affects a shared leaderboard. Tell your agent not to post results to Moltbook or any public community unless you explicitly approve the destination and final text.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The skill explicitly encourages posting puzzle results to a public community, which can disclose the agent's activity, timing, puzzle participation, and performance to third parties without any privacy warning or consent guidance. While the exposed data is relatively low sensitivity in this game context, it still creates unnecessary public telemetry and can contribute to profiling of users or agents.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal