Security audit

Tolstoy MCP

Security checks across malware telemetry and agentic risk

Overview

This skill appears legitimate, but it gives a persistent remote Tolstoy MCP connection authority to manage and publish commerce content, so users should review it carefully before installing.

Install only if you trust Tolstoy's MCP service and intend to let OpenClaw manage Tolstoy commerce assets. Use a least-privilege or test workspace first, confirm the target account before any publish/delete action, and know how to revoke OAuth access and remove the tolstoy MCP entry from OpenClaw config.

SkillSpector

By NVIDIA

Vulnerability Patterns

Rogue AgentSelf-Modification, Session Persistence
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (3)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 94% confidence
Finding: The skill is presented as a Tolstoy integration, but the documented setup performs a local configuration change by writing to `~/.openclaw/openclaw.json` or an alternate path from an environment variable. That side effect broadens trust to a remote MCP endpoint and can alter future agent behavior persistently, yet it is not surfaced as a sensitive operation with clear security implications.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill advertises capabilities to publish assets to Shopify, Instagram, TikTok Shop, and Meta Ads, and to delete widgets, without prominent warnings about public-facing or destructive effects. In an agentic workflow, that can lead users to trigger irreversible or externally visible actions they did not fully intend, especially once OAuth authorization is persistent.

Session Persistence

Medium

Category: Rogue Agent
Content: --- name: tolstoy-mcp description: Connect OpenClaw to Tolstoy's video commerce platform via MCP. Create widgets, manage media, generate AI videos, search products, and publish to Shopify/Instagram/TikTok. Use when the user wants to work with Tolstoy, create video widgets, manage e-commerce content, or integrate with Tolstoy's platform. triggers: tolstoy, video commerce, shopper widget, product video, AI video, Shopify widget, Tolstoy platform, gotolstoy ---
Confidence: 84% confidence
Finding: Create widgets, manage media, generate AI videos, search products, and publish to Shopify/Instagram/TikTok. Use when the user wants to work with Tolstoy, create video widgets, manage e-commerce conten

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.