Back to skill

Security audit

Bohrium Knowledge Base Management

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it claims, but it can delete or expose Bohrium knowledge-base data and has confusing credential handling that users should review before installing.

Review before installing. Use this only if you trust the publisher with your Bohrium account and knowledge-base contents. Verify which ACCESS_KEY will be used, avoid broad or accidental file paths for uploads, and require explicit confirmation before deletes, permission changes, public sharing, or bot messaging.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The script silently searches ~/.openclaw/openclaw.json for an ACCESS_KEY and uses it for outbound API calls. Auto-discovering credentials from another local tool increases the blast radius of this skill because it can operate with ambient secrets without explicit user consent, which is risky even if the apparent purpose is knowledge-base upload.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation instructs the agent to delete an entire knowledge base by deleting its root folder node, but it does not provide a clear irreversible-data-loss warning or require confirmation. In an agent setting, this increases the chance of accidental destructive actions against user-managed content through ambiguous or mistaken prompts.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
Folder deletion is documented as a direct API call without highlighting that contained literature or nested content may be lost. In agent workflows, omission of a safety interlock can lead to unintended data destruction from natural-language requests or ID confusion.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill exposes literature deletion as a simple one-step operation with no warning that the content may be permanently removed. For an autonomous or semi-autonomous agent, this creates a real risk of irreversible user data loss from mistaken targeting or prompt ambiguity.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script both retrieves credentials from environment/config sources and uploads file contents to a remote service, but provides no interactive warning or affirmative disclosure that it will do so. In an agent skill context, hidden credential use plus file exfiltration to an external endpoint is security-relevant because a user may not realize local secrets and local files are being transmitted.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/bohrium-kb-upload.py:219