Skill Auditor

Security checks across malware telemetry and agentic risk

Overview

This skill’s auditing, logging, diffing, and optional monitoring behavior is disclosed and fits its security-audit purpose.

Install this if you want local security auditing and change monitoring for OpenClaw skills. Before enabling cron, change the timezone and notification target to your own values, confirm what workspace it scans, and avoid sending raw diffs to external channels unless you have checked them for secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill declares no explicit permissions, yet its own description clearly indicates capabilities for reading and writing local files, invoking shell/subprocess tools, and potentially participating in agent-mediated networked notification flows. This mismatch can mislead users and policy engines about the skill's real trust boundary, reducing informed consent and increasing the chance of unsafe deployment.

Natural-Language Policy Violations

Medium
Confidence
80% confidence
Finding
The sample cron command hard-codes `Asia/Shanghai`, which can cause monitoring to run at unexpected times and may confuse audit expectations or notification delivery behavior for users in other regions. While not directly exploitable code execution, forcing locale/time assumptions without opt-in is unsafe operational guidance in a monitoring skill.

Session Persistence

Medium
Category
Rogue Agent
Content
## Initialization and Manual Monitoring Setup (Agent Directive)

When the Agent first loads this skill, it may perform **local initialization**, but it must **not automatically create cron jobs**. Instead, it should guide the user to create monitoring explicitly:

1. Check if `~/.openclaw/skills-audit/state.json` exists
2. If not, run initialization:
Confidence
76% confidence
Finding
create cron jobs**. Instead, it should guide the user to create monitoring explicitly: 1. Check if `~/.openclaw

VirusTotal

65/65 vendors flagged this skill as clean.
