Back to skill

Security audit

Reminder

Security checks across malware telemetry and agentic risk

Overview

This reminder skill does what it says: it saves reminder details locally and schedules Telegram notifications, with no hidden code or unrelated behavior found.

Install only if you are comfortable saving reminders to ~/.openclaw/workspace/reminders/events.yml and receiving Telegram notifications. Use explicit wording when creating reminders, review the resolved time before relying on it, set REMINDER_TZ if Asia/Shanghai is not correct for you, and avoid storing sensitive reminders in a workspace that may be synced or shared.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The activation description is broad enough to trigger on ordinary conversation about meetings, birthdays, deadlines, or plans, which can cause the skill to activate without clear user intent. In this skill, unintended activation is risky because it can write personal reminder data into the workspace and create Telegram notification schedules, producing privacy and integrity issues rather than just a harmless response.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The capture examples tell the agent to act on natural-language event statements but do not define a constraint that reminder creation should occur only after explicit user consent. This makes it plausible that casual mentions of future events are silently converted into stored records and Telegram reminders, which is dangerous because it affects both user data storage and outbound messaging behavior.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explains that events are stored in a workspace file and are easy to sync via Git, but it does not present this as a user-facing privacy warning at the point of use. Users may disclose sensitive meetings, birthdays, or deadlines without realizing the data will be persisted in sync-friendly storage, increasing the risk of unintended retention or exposure across devices and repositories.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The summary/description says the skill schedules Telegram notifications, but it does not clearly warn users that reminder contents or metadata may be sent through Telegram, a third-party messaging channel. This is a meaningful privacy issue because sensitive event details could leave the local environment and be exposed through notification content, chat history, or account compromise.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.