Firm Suppliers Pack
Security checks across malware telemetry and agentic risk
Overview
This is a straightforward procurement skill with no evidence of hidden or malicious behavior in the submitted artifact.
Reasonable to install for procurement workflows if you trust the referenced OpenClaw extension. Before using risk monitoring, confirm where watched suppliers are stored, how to remove them, and whether supplier or contract data is retained by the backing tools.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.