Security audit

Skill Crafter

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed skill-authoring helper that scaffolds and registers skill files, with no evidence of hidden credential access, exfiltration, destructive actions, or unrelated persistence.

Install this only if you want an assistant to create and register OpenClaw skills. Before registration, review the generated SKILL.md and any scripts, especially if a generated skill proposes cloning repositories, installing dependencies, writing outside the workspace, or embedding details from private conversations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill instructs the agent to run shell commands and create or modify files (`init_skill.py`, `ima_skill_create`, and `file_edit`) but does not declare permissions or constraints for those capabilities. This creates a real safety gap because a broadly triggered skill could perform filesystem writes and command execution without explicit scoping, increasing the chance of unintended or unsafe actions.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The example explicitly instructs the skill to automatically `git clone` an external repository if a local dependency is missing. Pulling and executing externally sourced code expands the trust boundary and introduces supply-chain risk that is not strictly necessary for a documentation/example skill, especially without pinning, integrity verification, or explicit user approval.

Vague Triggers

Medium
Confidence
80% confidence
Finding
This skill is designed to trigger on broad natural-language requests such as creating or turning a process into a skill, and its own guidance emphasizes maximizing trigger coverage. Overly broad invocation phrases can cause the agent to select this skill in unintended contexts, which is especially risky here because the skill then performs file creation, editing, and registration actions.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The document describes automatically cloning a repository and creating output directories, which are state-changing operations on the local workspace/system, but does not clearly foreground user consent or safety boundaries. In an agent setting, undocumented filesystem and network side effects can lead to unexpected modifications, reduced auditability, and increased risk if the referenced repository or path is untrusted.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.