Security audit

openclaw-engine-mcp-setup

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches its stated MCP setup purpose, but it publishes a hardcoded authorization value for a remote financial MCP service and under-discloses the resulting data and credential risks.

Review before installing. Replace the embedded Authorization value with your own scoped credential, avoid committing the MCP config, and only send strategy or market data to this remote service if you trust its operator and retention practices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

High (99% confidence)
Finding
The skill embeds what appears to be a live Authorization credential and app identifier directly in documentation. Distributing usable secrets in a setup skill exposes the downstream MCP service to unauthorized use, credential reuse, abuse, and difficult-to-contain leakage via source control, logs, or model outputs.

Context-Inappropriate Capability

Medium (87% confidence)
Finding
A skill framed as MCP setup also includes detailed operational JSON-RPC invocations for running financial backtesting and analysis. This broadens the skill from configuration into execution guidance, increasing the chance an agent will perform sensitive or unintended remote operations against the configured server rather than merely enabling connectivity.

Missing User Warnings

High (99% confidence)
Finding
The documentation contains hard-coded Authorization material without any warning that it is sensitive or must be rotated and stored securely. In a skill context, this is especially dangerous because agents may copy these values into configs verbatim, propagating exposed credentials across systems and conversations.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.