Prompt Optimization Tool

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-optimization guide with broad activation wording, but it contains no executable code, install hooks, credential access, or hidden data handling.

Reasonable to install for prompt analysis and rewriting. Be aware it may activate during general prompt-engineering conversations; prefer explicit commands or disable broad auto-triggering if your OpenClaw setup supports that. Treat A/B testing claims and improvement percentages as guidance unless you separately provide approved measurement infrastructure.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill declares automatic activation on very broad keywords such as 'prompt', 'optimize', 'improve', and 'A/B testing', which can cause the skill to trigger in unrelated conversations. Unintended activation can expose user prompts to this skill's transformation logic, interfere with other skills, and create prompt-routing confusion that degrades safety and predictability.

Vague Triggers

Low

Confidence: 80% confidence
Finding: The manifest trigger 'ai prompt optimizer' is fairly generic and does not define constraints on when the skill should activate. While less risky than the broad automatic keyword list, underspecified triggers can still increase accidental matching and unintended execution in multi-skill environments.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal