Back to skill

Security audit

Dida Agent Optimizer

Security checks across malware telemetry and agentic risk

Overview

This is a real OpenClaw troubleshooting skill, but it gives an agent broad repair authority and includes ongoing self-update and cleanup workflows that need review before use.

Install only if you want an OpenClaw operational repair assistant. Before enabling it, disable or manually approve weekly self-updates, review every proposed reference or SKILL.md change, and require explicit confirmation before deletion, Docker prune, service restart, cron update, or sub-agent kill actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (10)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill's self-evolution workflow expands from local diagnosis/remediation into recurring external retrieval of web content, which materially broadens the trust boundary and attack surface. Even though the examples target engineering best practices, importing and acting on externally sourced guidance can lead to prompt/data poisoning, unsafe updates to local references, and indirect self-modification without adequate review.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The skill claims external messaging must not be sent, yet later prescribes outbound network requests for self-update. This inconsistency can cause operators or downstream agents to believe network egress is prohibited while the workflow still performs it, undermining policy enforcement and making unauthorized data flows more likely.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The manual trigger phrases are broad enough to match ordinary troubleshooting requests, which can cause the optimizer skill to activate in situations the user did not specifically intend. In this skill's context, that matters because the skill is designed to diagnose and propose repairs for system and workflow issues, so accidental invocation increases the chance of unnecessary log access, configuration-oriented actions, or disruptive remediation suggestions.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The automatic trigger condition for 'performance degradation' is underspecified, with no concrete thresholds, baseline, or time window. In an auto-triggered self-healing skill, ambiguous criteria can lead to frequent false positives or attacker-induced triggering, causing unnecessary diagnostics, churn, and possible pressure toward unsafe remediation actions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The template includes destructive cleanup commands that delete files and prune Docker resources without any safety checks, confirmation prompts, scope limitation, or warning about irreversible data loss and operational side effects. In a self-healing/optimizer skill, an agent may apply these commands automatically during troubleshooting, making accidental deletion of logs, memory artifacts, or container resources more likely.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The template recommends restarting or stopping services without warning about downtime, in-flight task interruption, or dependency impact. In an automated repair context, this can cause avoidable service disruption or mask root causes by repeatedly bouncing components.

Self-Modification

High
Category
Rogue Agent
Content
## 触发方式

### Cron 自动触发
- 每周日 03:00 执行一次(cron 任务:agent-optimizer-self-update)
- 执行环境:isolated session, agentTurn

### 手动触发
Confidence
96% confidence
Finding
self-update

External Script Fetching

High
Category
Supply Chain
Content
```bash
# Anthropic 最新实践
curl -s "http://localhost:3004/search?q=anthropic+claude+agent+engineering+tool+use+patterns+best+practices&format=json&engines=bing,duckduckgo" | python3 -c "
import json, sys
data = json.load(sys.stdin)
for r in data.get('results', [])[:5]:
Confidence
97% confidence
Finding
curl -s "http://localhost:3004/search?q=anthropic+claude+agent+engineering+tool+use+patterns+best+practices&format=json&engines=bing,duckduckgo" | python

External Script Fetching

High
Category
Supply Chain
Content
" 2>/dev/null

# OpenAI 最新实践
curl -s "http://localhost:3004/search?q=openai+agent+patterns+function+calling+structured+outputs+error+recovery&format=json&engines=bing,duckduckgo" | python3 -c "
import json, sys
data = json.load(sys.stdin)
for r in data.get('results', [])[:5]:
Confidence
97% confidence
Finding
curl -s "http://localhost:3004/search?q=openai+agent+patterns+function+calling+structured+outputs+error+recovery&format=json&engines=bing,duckduckgo" | python

External Script Fetching

High
Category
Supply Chain
Content
" 2>/dev/null

# 行业 Agent 架构趋势
curl -s "http://localhost:3004/search?q=llm+agent+architecture+patterns+self+healing+error+recovery+2026&format=json&engines=bing,duckduckgo" | python3 -c "
import json, sys
data = json.load(sys.stdin)
for r in data.get('results', [])[:3]:
Confidence
97% confidence
Finding
curl -s "http://localhost:3004/search?q=llm+agent+architecture+patterns+self+healing+error+recovery+2026&format=json&engines=bing,duckduckgo" | python

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.