一步完成进化

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed OpenClaw setup template for durable memory, scheduling, rescue mode, and official integrations, with broad but purpose-aligned workspace changes.

Install this only if you want OpenClaw to make durable workspace changes and maintain project/memory files over time. Before applying it to an existing setup, review the target files, keep version control or backups, confirm what heartbeat and cron jobs may read or write, and ensure Feishu or other external outputs require approval where appropriate.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill enables implicit invocation without any visible trigger constraints, domain boundaries, or user-confirmation requirements. That makes it easier for the agent to auto-activate this high-impact setup skill in ambiguous contexts, potentially causing unintended architectural changes, configuration drift, or execution of broad setup actions when the user did not explicitly request them.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description is broad and action-oriented ('推进执行、整理交付、维护项目状态、补齐归档和确保系统持续可用'), with no clear preconditions, scope boundaries, or approval gates. In an agent system, that can cause over-invocation and overly autonomous operational changes across projects, increasing the chance of unintended file edits, task execution, or persistence changes beyond user intent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal