Moses Stamp

Security checks across malware telemetry and agentic risk

Overview

This skill openly adds governance stamps to documents and keeps a small local stamp log, which matches its stated purpose but can expose provenance metadata in shared files.

Install this only if you want qualifying documents to be modified with visible governance metadata. Before using it for confidential or external deliverables, confirm that sharing session IDs, governance mode/posture, action numbers, and hashes is acceptable, and verify how to disable or remove stamps when exact document contents matter.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Context-Inappropriate Capability

Medium

Confidence: 81% confidence
Finding: The script persists state and audit metadata under ~/.openclaw/governance without explicit user consent or clear necessity for simple document stamping. In a skill context, undisclosed persistent storage can create privacy and tracking risks by leaving durable records of session identifiers and activity on the host system.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill mandates automatic appending of governance data to produced documents without warning about content alteration, metadata disclosure, or downstream compatibility issues. This can unintentionally leak session identifiers, operational posture, or other provenance fields into user deliverables and break workflows that expect exact output content.

Natural-Language Policy Violations

Medium

Confidence: 94% confidence
Finding: The skill enables governed output by default for every document in the session and frames it as automatic enforcement rather than user choice. In context, this increases risk because all qualifying outputs may be silently altered and annotated with persistent provenance data, potentially exposing internal governance state across unrelated tasks.

Missing User Warnings

Low

Confidence: 87% confidence
Finding: The script writes persistent stamp event metadata to a JSONL log in the user's home directory without clear user-facing disclosure. Even though the logged fields are limited, this creates an unnecessary audit trail that may reveal usage patterns, timestamps, and stable session linkage across runs.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal