Back to skill

Security audit

Complex Workflow Freezer

Security checks across malware telemetry and agentic risk

Overview

The skill performs the advertised workflow-freezing task, with disclosed file output and progress notifications that users should scope carefully.

Install only if you want workflow details written into a reusable spec file. Use a dedicated output directory, avoid sensitive image paths or confidential execution details unless that storage location is appropriate, and disable or avoid webchat/Telegram channel settings if progress messages should remain local.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill emits user-facing messages and selects an outbound channel based on the OPENCLAW_CHANNEL environment variable without explicit consent, policy checks, or clear scoping. That creates an unintended data disclosure path because workflow stage names and status text can be sent to external chat surfaces such as webchat or Telegram.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill is explicitly designed to write specification files and delete temporary files, yet it provides no prominent user-facing warning or safety guard about filesystem impact. In an agent environment, that can lead to unintended overwrites, deletion of data, or execution in sensitive directories when users do not understand the side effects.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Progress messages are transmitted to a user-facing channel without any warning, confirmation, or visibility control in the function interface. In a security-sensitive workflow freezer, even seemingly harmless progress text can reveal processing state, workflow identifiers, or operational details to unintended recipients.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill writes a specs file containing workflow-derived data, checksums, thresholds, execution path, and possibly multimodal embedding output to disk without an explicit confirmation or safe-storage control. In shared or sensitive environments, this can persist confidential operational data or model outputs in a location the caller did not intend.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.