TechPulse

Security checks across malware telemetry and agentic risk

Overview

TechPulse is a simple trend-reporting skill that fetches public Reddit posts and prints a local report, with no evidence of credential access, persistence, or hidden behavior.

Install only if you are comfortable with OpenClaw loading this skill and with the script contacting Reddit when you run it. Treat the output as a small public-Reddit snapshot, not comprehensive AI research or business advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The description is very broad and does not clearly define the skill's trigger conditions or operational boundaries. In an agent environment, vague scoping can cause the skill to be invoked in unintended contexts, increasing the chance of irrelevant data access, unsafe delegation, or misuse beyond the author's apparent intent.

Natural-Language Policy Violations

Medium

Confidence: 81% confidence
Finding: The description is written in Russian without indicating that Russian is optional or user-selected. This can cause incorrect routing, user confusion, or responses in an unexpected language, which may reduce transparency and reliability and in some cases hide unsafe behavior from users or reviewers who do not understand the language.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal