Back to skill

Security audit

Bobiverse Replicate

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly disclosed, operator-gated agent replication tool with meaningful safeguards, though installing it means allowing persistent new OpenClaw workspaces to be created.

Install only if you want an agent-management skill that can create persistent OpenClaw clone workspaces. Review the dry-run output carefully, do not automate the confirmation token, and remember that a clone may inherit workspace files and memory from the parent depending on the selected memory policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly directs file reads/writes and shell execution via a local Python runner and OpenClaw CLI operations, but it declares no permissions. That mismatch is a real security issue because it can bypass operator/admin expectations and allow a user-invocable skill to perform powerful local actions without an explicit permission contract.

Session Persistence

Medium
Category
Rogue Agent
Content
Example: If you are `Bob-1-TheAmericanMaker-2026-04-01` and the operator's GitHub is `SomeUser`, the clone becomes `Bob-2-SomeUser-2026-04-15`.

### Step 3: Create Clone Workspace (Safe Runner Only)

Use the hardened runner script at:
Confidence
82% confidence
Finding
Create Clone Workspace (Safe Runner Only) Use the hardened runner script at: `skills/replicate/scripts/replicate_safe.py` This script enforces validation, path boundaries, confirmation token checks

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.