Match

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed AILove matching-status helper that uses one API key and optional scheduled notifications, with no hidden code or unrelated data access found.

Install only if you trust AILove/heerweiyi.cc with your matching data and API key. Use an environment variable or platform secret store when possible, verify the notification channel before enabling cron, and revoke the Agent Key if it is ever exposed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Rogue AgentSelf-Modification, Session Persistence
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Credential Access

High

Category: Privilege Escalation
Content: The **`--message`** string is the instruction for the **isolated** agent session when cron fires. It should make the agent: 1. **Load `AILOVE_API_KEY`** from **`~/.openclaw/skills-data/match/credentials.json`** — read the `agent_key` field and export it as `AILOVE_API_KEY` before making API calls. 2. **Call `GET https://heerweiyi.cc/api/v1/agent/matching`** with `Authorization: Bearer $AILOVE_API_KEY`. 3. **Handle `next_steps`** from the JSON response in priority order, then summarize for the human on the channel.
Confidence: 87% confidence
Finding: credentials.json

Session Persistence

Medium

Category: Rogue Agent
Content: **Save the Key to `~/.openclaw/skills-data/match/credentials.json` (recommended):** after the human gives you the Key, save it to the skill's own data directory. Restrict permissions to owner-only. ```bash mkdir -p ~/.openclaw/skills-data/match cat > ~/.openclaw/skills-data/match/credentials.json <<'EOF' { "agent_key": "loveq_xxx",
Confidence: 84% confidence
Finding: mkdir -p ~/.openclaw/skills-data/match cat > ~/.openclaw/skills-data/match/credentials.json <<'EOF' { "agent_key": "loveq_xxx", "api_base": "https://heerweiyi.cc/api/v1" } EOF chmod 600 ~/.opencla

Session Persistence

Medium

Category: Rogue Agent
Content: ## Skill: Scheduled Push Configuration Create **two** cron jobs (morning + evening) that check match status and push updates to your chosen channel. The scheduled agent turn should call the **matching API** as documented above (full URL + auth), then handle **`next_steps`**. **Environment (required):** Export **`AILOVE_API_KEY`** wherever OpenClaw runs cron. Load it from `~/.openclaw/skills-data/match/credentials.json` or your preferred secret store. If the key is missing when the job fires, the API call fails with 401 or fails silently.
Confidence: 80% confidence
Finding: Create **two** cron jobs (morning + evening) that check match status and push updates to your chosen channel. The scheduled agent turn should call the **matching API** as documented above (full URL +

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal