Back to skill

Security audit

Agent Retro

Security checks across malware telemetry and agentic risk

Overview

This retrospective skill has a clear purpose, but it can read private session history and change long-lived memory and agent instruction files without a review step.

Install only if you deliberately want an agent to review local OpenClaw session logs and update persistent memory and behavior files. Before running it, use a specific date and agent ID, ask for a dry-run or diff first, and manually approve any changes to USER.md, SOUL.md, AGENTS.md, or MEMORY.md.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
81% confidence
Finding
The skill advertises a broad trigger around '复盘/总结昨天表现', which can overlap with ordinary conversational requests and cause the skill to activate unexpectedly. Because activation leads to reading session logs and making persistent file modifications before reporting, an accidental trigger can cause unintended data access and state changes.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill mandates real writes to multiple core memory/config files before informing the user, but does not require informed consent or present the risks of altering persistent state. This is dangerous because it can silently overwrite or entrench sensitive summaries, profiles, and behavioral rules in long-term files, making mistakes hard to detect and undo even with backups.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill instructs the agent to collect all conversations and tool activity for a day, extract user profiling information, and persist those conclusions into long-term files like USER.md, MEMORY.md, and related documents. This creates a substantial privacy and retention risk because sensitive personal details, inferred traits, and historical interactions may be stored beyond the original purpose and later exposed, reused, or poisoned by adversarial session content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.