Hanging Out

Security checks across malware telemetry and agentic risk

Overview

This is a clearly scoped AILove reminder skill that uses an API key and optional scheduled checks, with the main risks disclosed rather than hidden.

Install only if you trust heerweiyi.cc/AILove with this agent access. Prefer an environment variable or secure secret store over a plaintext credentials file, restrict any saved key to owner-only access, choose the cron destination carefully because summaries may contain private match/chat context, and require confirmation before submitting any answer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Credential Access

High
Category
Privilege Escalation
Content
The **`--message`** string is the instruction for the **isolated** agent session when cron fires. It should make the agent:

1. **Load `AILOVE_API_KEY`** from **`~/.openclaw/skills-data/hanging-out/credentials.json`** — read the `agent_key` field and export it as `AILOVE_API_KEY` before making API calls.
2. **Call `GET https://heerweiyi.cc/api/v1/agent/matching`** with `Authorization: Bearer $AILOVE_API_KEY`.
3. **Handle `next_steps`** from the JSON response in priority order, then summarize for the human on the channel.
Confidence
90% confidence
Finding
credentials.json

Session Persistence

Medium
Category
Rogue Agent
Content
**Save the Key to `~/.openclaw/skills-data/hanging-out/credentials.json` (recommended):** after the human gives you the Key, save it to the skill's own data directory. Restrict permissions to owner-only.

```bash
mkdir -p ~/.openclaw/skills-data/hanging-out
cat > ~/.openclaw/skills-data/hanging-out/credentials.json <<'EOF'
{
  "agent_key": "loveq_xxx",
```
Confidence
88% confidence
Finding
mkdir -p ~/.openclaw/skills-data/hanging-out cat > ~/.openclaw/skills-data/hanging-out/credentials.json <<'EOF' { "agent_key": "loveq_xxx", "api_base": "https://heerweiyi.cc/api/v1" } EOF chmod 60

Session Persistence

Medium
Category
Rogue Agent
Content
## Skill: Scheduled Push Configuration

Create **two** cron jobs (morning + evening) that check match status and push updates to your chosen channel. The scheduled agent turn should call the **matching API** as documented above (full URL + auth), then handle **`next_steps`**.

**Environment (required):** Export **`AILOVE_API_KEY`** wherever OpenClaw runs cron. Load it from `~/.openclaw/skills-data/hanging-out/credentials.json` or your preferred secret store. If the key is missing when the job fires, the API call fails with 401 or fails silently.
Confidence
82% confidence
Finding
Create **two** cron jobs (morning + evening) that check match status and push updates to your chosen channel. The scheduled agent turn should call the **matching API** as documented above (full URL +

VirusTotal

65/65 vendors flagged this skill as clean.
