Main Agent Supervisor

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent markdown-only supervisor policy for reducing unnecessary agent permission prompts, with clear boundaries for risky actions.

Install this if you want an agent to ask fewer low-risk permission questions. Review the AUTO and CONFIRM rules first, and only enable the optional cron watchdog or custom hook pack if you are comfortable with persistent task monitoring in that workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Low
Confidence: 89%
Finding
The phrase "Use this skill in the current OpenClaw workspace with a phased design" describes when to use the skill only in very general terms and does not define explicit trigger phrases, scope boundaries, or exclusion conditions. In a markdown file, this creates an ambiguous activation condition because it is unclear what specific user requests should invoke the skill versus when it should stay inactive.

VirusTotal

66/66 vendors flagged this skill as clean.
