Security audit

Paid Bundle V1.1

Security checks across malware telemetry and agentic risk

Overview

This package is an incomplete overview that advertises persistent memory, file scanning, and multi-agent control without providing the referenced detailed skill files or clear operating limits.

Review this carefully before installing. Do not treat it as a complete security-reviewed seven-skill bundle unless the publisher supplies the referenced phase files for inspection. Avoid wildcard-copy installation, and only enable persistent memory after deciding what it may scan, where it stores data, who can access it, and how you will delete or disable it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 82%
Finding
The install section includes filesystem writes and a service restart command without clearly warning that these operations modify the local environment and can disrupt a running OpenClaw instance. In an agent-executed context, operational commands like copy and restart can have real side effects, so omitting an explicit confirmation step increases the risk of unintended changes.

Missing User Warnings

Medium
Confidence: 88%
Finding
The guidance to persist memory in a fixed directory and add the setting to shell/profile configuration encourages durable retention of agent data without explaining privacy, retention, or access-control implications. Persistent memory can store sensitive prompts, outputs, or derived artifacts across sessions, so failing to disclose that behavior can lead to unintentional long-term exposure.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.