cms-openclaw-honor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed, read-only Open API client for checking the current employee's AI certification status using an AppKey.

Install only if you trust the Open API service and the companion cms-auth-skills dependency to handle your personal AppKey. The skill should be allowed to call the documented production domain, but it does not need broad filesystem access, background execution, or access to unrelated environment secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3 (Medium)

Category: MCP Least Privilege
Confidence: 93%
Finding: The skill declares executable tools and explicitly instructs running Python scripts that make authenticated HTTP requests, but the metadata does not clearly declare the underlying network/env capabilities as permissions. This creates a policy and review gap: operators may treat the skill as low-risk/read-only while it can still access environment-provided secrets and exfiltrate data over the network, increasing the chance of overbroad deployment or insufficient sandboxing.

VirusTotal

65/65 vendors flagged this skill as clean.
