scenique-context-frame

Security checks across malware telemetry and agentic risk

Overview

This context-management skill is small and mostly purpose-aligned, but it silently saves conversation-derived summaries to a persistent OpenClaw workspace file.

Review before installing. Use this only if you are comfortable with conversation summaries being saved locally under the OpenClaw workspace, and prefer a revised version that clearly documents the storage behavior, uses a package-scoped or user-approved path, and makes persistence opt-in or easy to delete.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 88%
Finding
The top-level comment on L02 frames this file as a simple MVP simulation of context handling, which implies in-memory demo behavior. However, lines L37-L50 write prior frame metadata and summaries to /root/.openclaw/workspace/context_frames_pending.json, introducing persistent side effects not reflected in that documentation.

Missing User Warnings

Medium
Confidence: 95%
Finding
This code persists prior conversation frame metadata and summaries to /root/.openclaw/workspace/context_frames_pending.json, which affects user data by storing message-derived content on disk. Although the file writes are visible in code, there is no confirmation prompt, user-facing log, or explanatory comment/docstring warning that conversation content will be saved persistently.

VirusTotal

66/66 vendors flagged this skill as clean.
