Security audit

Client Communication Engine

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent client-email drafting and sending workflow with sensitive but disclosed SMTP and client-data access, and it repeatedly requires human approval before messages go out.

Before installing, use a dedicated app-specific SMTP password, restrict OPENCLAW_DATA_DIR to the intended client records, protect any Slack webhook, and test that batch reminders show the recipient list and require explicit authorized approval before any email is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 89%
Finding:
The batch reminder prompt is underspecified: 'all clients who have VAT returns due within 7 days' can trigger broad multi-client processing without explicit scope, approval boundaries, or safeguards on recipient selection. In a client-communication skill, this increases the risk of over-inclusive queries, unintended draft generation for the wrong clients or periods, and mass-action mistakes that affect confidentiality and operational accuracy even if messages are not auto-sent.

VirusTotal

65/65 vendors flagged this skill as clean.