Vibe Card

Security checks across malware telemetry and agentic risk

Overview

This is a coherent business-card and contact-book skill, but it needs review because it can publish personal data, auto-save received cards, store a service key, and set up recurring sync with limited consent controls.

Install only if you are comfortable with the agent using remembered information to draft contact/profile records, uploading selected card fields to the Vibe Card server, importing received cards into a local contact book, storing a local service credential, and optionally running scheduled sync. Review every field before publishing or importing, avoid processing cards from untrusted messages, and check for and remove the cron task if you do not want background syncing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The manual instructs the agent to invoke the OpenClaw CLI to create a persistent scheduled task. Even though this supports the product feature, it crosses from normal contact management into autonomous system-side action with persistence, which can create unintended background execution and notification behavior without a strong user-consent checkpoint. In an agent skill, scheduled task creation is security-relevant because it expands execution scope beyond the immediate user request.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger set is overly broad and includes generic phrases like “初始化” (initialize), “联系人” (contacts), and “发名片” (send a business card), plus topic-based activation on common contact-management terms. That can cause the skill to activate in unrelated conversations and perform sensitive actions such as reading/writing contact data, generating cards, or processing inbound `vibe-card://` content without sufficiently clear user intent.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill instructs registration, publishing, receiving cards from the server, and syncing contacts, but it does not clearly warn users that profile and contact data will be transmitted to a remote service. Because the skill handles personal identity and address-book information, the absence of explicit disclosure and consent materially increases privacy and data-exfiltration risk.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The message instructs users to copy the card to their Agent so it can 'automatically save' the contact, and the skill metadata also states that messages containing a vibe-card:// URI may be auto-recognized and saved. This creates an overly broad trust boundary where unverified inbound content can trigger contact ingestion, enabling spoofed identities, contact poisoning, and unwanted persistence of attacker-controlled data in the user's address book.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The onboarding text states that received business cards will be 'automatically recognized and saved' without describing any confirmation, trust check, or scope limitation. In a contact-management skill, this creates a real risk of unintended data ingestion, spoofed contact entries, or persistence of attacker-supplied content from any message containing the custom protocol.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The manual says the agent will automatically register the user and publish filtered card data to a remote server, but it does not require a clear privacy notice or network-transmission warning at the moment of publication. This is dangerous because users may confirm a content preview without understanding that data will be sent off-device, made publicly reachable, and associated with a server-side identifier.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The manual directs the agent to proactively extract known contact details from memory and write them into contacts.json without an explicit data-processing warning or per-contact confirmation. This creates a privacy risk because third-party personal data may be persisted from prior context or memory even when the user did not intentionally provide all fields for storage in this action.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill explicitly tells the agent to mine its memory for personal details and generate a profile card from that remembered information. In this context, memory may contain sensitive or stale data the user did not intend to publish, so using it as the default source for a shareable identity card creates a meaningful risk of privacy leakage.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill defaults to publicly exposing multiple profile fields—name, title, one_liner, links, and current_focus—without explicit per-field consent. In a contact-card and roster-management skill, those fields can reveal professional identity, affiliations, interests, and external accounts, making inadvertent public disclosure especially risky.

Ssd 3

Medium
Confidence
96% confidence
Finding
Persisting contact details by proactively mining agent memory without explicit field-by-field confirmation is a real data-handling vulnerability. In the context of a contact-management skill, this is especially sensitive because it involves third-party personal information, and the skill normalizes silent collection and storage of details the user may not have intended to retain.

Ssd 3

Medium
Confidence
95% confidence
Finding
The manual directs the agent to derive profile content, including contact methods, from memory to prepare a card for publication. Although later confirmation is mentioned, the workflow still encourages assembling potentially sensitive personal data from memory for a public-facing artifact, increasing the chance of over-collection or accidental disclosure of stale/private details.

VirusTotal

65/65 vendors flagged this skill as clean.
