Back to skill

Security audit

Spec-kit Coding

Security checks across malware telemetry and agentic risk

Overview

The skill appears to support spec-driven development, but it needs review because setup installs unpinned external tools and skills and the workflow can delete project files.

Install only if you are comfortable with it downloading live third-party code and skills from GitHub into your OpenClaw workspace. Prefer running `setup.sh --check-only` first, review the listed external sources, avoid `--force` unless you intend to replace existing external skills, and do not run project initialization in a directory where `.claude` or `CLAUDE.md` contains user data you need to keep.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill clearly instructs shell command execution (`bash`, `specify`, `rm -rf`, `git`) but does not declare permissions or execution scope. In an agent framework, undeclared execution capability reduces transparency and weakens policy enforcement, making it easier for a seemingly documentation-oriented skill to perform real system changes.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The metadata presents the skill as an SDD orchestrator, but the behavior includes environment bootstrapping, installation of third-party tooling, and importing external skills from unrelated sources. This mismatch can cause users or enforcement systems to grant trust to a workflow assistant that actually performs supply-chain-affecting setup and broad workspace modification.

Session Persistence

Medium
Category
Rogue Agent
Content
- During project init (Step 1), ASK whether to enable git. Record the answer.
- If enabled: `git init`, `.gitignore`, initial commit. Then commit after
  each phase completion and each implementation batch.
- If disabled: do not create or manage a git repository.
- The user may enable git at any later point. Once enabled, keep it on.

### Context Isolation
Confidence
82% confidence
Finding
create or manage a git repository. - The user may enable git at any later point. Once enabled, keep it on. ### Context Isolation - "Implement" (The whole Step 6 and Step 6.X) MUST run in fresh isola

Tool Parameter Abuse

High
Category
Tool Misuse
Content
In project directory from now on:

1. Run: `specify init --here --integration claude --force --ignore-agent-tools --script sh --no-git`
2. Clean up: `rm -rf .claude CLAUDE.md` (keep `.specify/`).
3. Verify: `.specify/` exists by run  `test -d .specify && echo "OK: .specify/ exists"`, and skills .etc are present by run `bash ~/.openclaw/workspace/skills/spec-kit-coding/setup.sh --check-only`.
4. Follow the Git management section to do.
Confidence
96% confidence
Finding
rm -rf .claude CLAUDE.md` (keep `.specify/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.