Back to skill

Security audit

Openclaw Skill

Security checks across malware telemetry and agentic risk

Overview

This is a workplace management automation skill with disclosed useful features, but it needs Review because it can monitor employee communications, store profiles, contact cloud services, schedule recurring scans, send messages, and run shell diagnostics with incomplete scoping and privacy disclosure.

Install only after reviewing whether proactive workplace monitoring is appropriate for your team. Configure the smallest possible channel, project, and cloud permissions; inform affected employees; review cron jobs and memory retention; avoid granting shell execution unless tightly controlled; and require explicit approval for cloud use, knowledge-base writes, scans, alerts, and message sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The skill explicitly claims that no local data is sent to the cloud, but its documented API usage includes sending boss-provided topics and employee names to remote endpoints. This is a transparency and data-handling mismatch that can mislead users into sharing sensitive workforce or business information under false assumptions about data locality.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The Chinese section says the skill works with 'zero external dependencies,' but other sections describe reliance on external websites, cloud APIs, messaging systems, and web/integration access. This inconsistency can mislead users about the trust boundary and cause them to enable the skill without understanding that data may leave the local environment.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README advertises periodic signal scanning, check-ins, employee profiling, alerts, and writing decisions/notes to external or local systems, but it does not clearly warn users that employee communications and performance-related data may be collected, analyzed, retained, and surfaced automatically. In a management-monitoring skill, this omission is security-relevant because operators may deploy continuous monitoring without informed consent, appropriate access controls, or review of privacy and employment-law implications.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README instructs users to connect ChatGPT/Gemini via a remote MCP endpoint at manageaibrain.com and promotes optional cloud features such as analytics, board discussions, and benchmarking, but it does not plainly warn that organizational data, employee information, prompts, and tool outputs may be transmitted to and processed by a third-party cloud service. Because this skill is positioned as management middleware spanning messaging, reports, and employee status, the undocumented data egress materially increases confidentiality and compliance risk.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.