ClawHub
Back to skill

Security audit

Goal Mode

Security checks across malware telemetry and agentic risk

Overview

This skill is a local goal-browsing assistant that openly saves session state to the OpenClaw workspace and shows no evidence of code execution, credential use, network access, or hidden data export.

Install only if you are comfortable with goal text, constraints, evaluated page metadata, findings, recommendations, and session history being saved in the local OpenClaw workspace. Avoid using it for highly private browsing unless you plan to review or delete the generated goal-mode and memory files afterward.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (10)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly states it will persist all session data to the workspace, but it provides no user-facing notice, consent flow, minimization, or retention guidance. Because this skill processes browsing goals and page evaluations across potentially sensitive domains such as health or career decisions, silent storage materially increases privacy and data exposure risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The execution model mandates persistence for every operation before returning a result, which means even exploratory or failed interactions are silently recorded. This creates a systematic privacy issue because users are not warned that all requests and derived analysis will be written to local workspace files and retained beyond the immediate session.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The workspace layout specifies broad on-disk storage including active goal pointers, full session state, wrap-ups, live status, latest-session summaries, append-only history, and immutable event logs, yet it lacks any privacy notice or retention control. This design can accumulate sensitive browsing intent and content over time, increasing the blast radius of local compromise or unintended access.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs persistent writes to multiple workspace and memory files, including session history and active-goal state, without any indication of user consent, confirmation, or minimization of stored data. This creates a real risk of unauthorized persistence of potentially sensitive browsing goals, findings, and constraints, and the broad 'Always write ALL five files' instruction increases the chance of unnecessary data retention.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The skill explicitly writes to persistent workspace state files (`active-goal.json` and `memory/goal-mode/active-session.md`) as part of a resume operation, but the spec provides no user-facing warning, confirmation, or indication that local persisted state will be modified. In a browsing assistant that maintains session history, silent state mutation can surprise users, overwrite expected state, and create privacy or integrity issues if the active goal pointer is changed without clear notice.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The operation allows irreversible destructive changes to criteria, including permanent loss of coverage data on removal and reset of tracking data on replacement, but does not require an explicit warning, confirmation, or other safety gate. In this skill's context, session data and criteria history drive user progress, so an unintended or manipulated update could silently erase work and degrade the integrity of the browsing session state.

Ssd 3

Medium
Confidence
94% confidence
Finding
Persisting all session data by design creates a data retention risk because natural-language goals, page findings, and summaries may contain sensitive personal or behavioral information. In this skill's context, the risk is heightened because the supported goals explicitly include health and career exploration, which often involve confidential topics.

Ssd 3

Medium
Confidence
96% confidence
Finding
Requiring every operation to write session state and logs before responding encourages comprehensive capture of both user inputs and model-derived interpretations. That makes incidental sensitive information durable and searchable, increasing the chance of leakage through local access, backups, or later reuse beyond the user's expectation.

Ssd 3

Medium
Confidence
98% confidence
Finding
The append-only history, live status file, and immutable per-page event logs are a strong retention anti-pattern for a browsing assistant because they preserve a detailed longitudinal record of user goals and visited content. In a goal-aware browsing context, this can expose interests, decisions, and sensitive research topics far beyond what is needed for immediate functionality.

Ssd 3

Medium
Confidence
94% confidence
Finding
The skill explicitly requires persisting complete browsing history, page content-derived findings, and session state across multiple files, including low-relevance pages. This creates a real data retention risk because sensitive URLs, research topics, extracted content, or user intent can be stored long-term in the workspace and reused or exposed beyond the immediate task.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal