Manifest

Security checks across malware telemetry and agentic risk

Overview

Manifest is a coherent OpenClaw routing and observability skill, with expected cost/token monitoring behavior and no artifact evidence of malware or deception.

Install in local mode for evaluation or sensitive work. If enabling cloud mode, review Manifest's privacy/security documentation and confirm what usage, token, cost, routing, and health metadata is transmitted or retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 92% confidence
Finding
The trigger phrases include broad, conversational terms such as "costs" and especially "money burned," which can plausibly appear in ordinary dialogue unrelated to explicitly requesting this tool. In an agent setting, overly broad triggers can cause unintended invocation of monitoring tools, exposing usage or cost metadata when the user did not clearly ask for it and creating surprising behavior.

Missing User Warnings

Medium, 90% confidence
Finding
The cloud setup instructs users to configure an external API key and use a hosted service, but it does not clearly warn that usage, token, cost, and health telemetry may be transmitted to a third-party platform. In a routing and observability plugin, that omission is security-relevant because users may unknowingly send operational metadata off-host, affecting privacy, compliance, and data-governance expectations.

VirusTotal

65/65 vendors flagged this skill as clean.