Decompose Plan

Security checks across malware telemetry and agentic risk

Overview

The skill appears to send the user’s task and retrieved context to an external AI service without clearly telling the user.

Review the configured LLM endpoint before installing. Do not use this skill with secrets, customer data, proprietary code, or sensitive retrieved context unless the endpoint is approved for that data and the publisher adds clear disclosure, minimization, and consent controls.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill forwards `task` and optional `rag_context` to `llm.generate`, and metadata indicates use of an external LLM endpoint via `OPENCLAW_LLM_ENDPOINT`, but the skill description and usage notes do not disclose this data transfer. This can expose sensitive source code, secrets, proprietary design details, or retrieved internal context to a third-party service without user awareness or consent, creating a confidentiality and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal