
Security audit

Agent Concurrency Safety Controller

Security checks across malware telemetry and agentic risk

Overview

This skill is a local agent queue and audit logger whose file writes and permissions match its stated purpose.

Before installing, be comfortable with the skill creating local log and queue-state files under ~/.openclaw/workspace. Treat sensitive task labels carefully: only critical tasks are held for confirmation; sensitive tasks are logged and allowed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium, 87% confidence
Finding
The documentation says sensitive tasks need extra confirmation, but the implementation auto-allows 'sensitive' tasks and only prompts for 'critical' ones. In an agent-control context, this can lead operators or integrators to assume a human approval gate exists for file overwrites or configuration changes when it does not, enabling unintended sensitive actions with only audit logging.

Vague Triggers

Medium, 84% confidence
Finding
The skill's invocation guidance is too broad because it suggests use whenever spawning sub-agents is needed, without strong boundaries on task type, trust level, or environmental preconditions. In an agentic system, overly broad triggers can cause the skill to activate in contexts involving sensitive actions, file writes, logging, or queue state changes, increasing the chance of unnecessary privileged behavior or unsafe automation.

VirusTotal

60/60 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.