test0413-6348

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local OpenClaw skill audit tool; its broad file reading and local snapshots fit that purpose, but users should review scheduling and stored diff contents.

Install only if you want a local auditor that scans and copies your OpenClaw skills directory. Keep secrets out of skill files, confirm the notification channel and timezone before enabling cron, and do not grant wallet or OAuth credentials for this skill because the artifacts do not need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding
The example cron command hard-codes `--tz "Asia/Shanghai"`, which can cause jobs to run at unexpected times if users copy it verbatim. While not a direct code-execution issue, forcing a timezone without user opt-in can mislead users and create operational or notification-routing problems.

Vague Triggers

Medium
Confidence: 95%
Finding
The context profile system uses very broad, generic keywords such as 'run', 'file', 'text', 'monitor', and 'agent' to decide when to ignore or downgrade security rules. This can cause misclassification of unrelated skills and suppress detection of genuinely dangerous behavior, creating a policy-bypass condition in the scanner rather than directly executing malicious code.

VirusTotal

67/67 vendors flagged this skill as clean.
