claw-radio

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed radio-station helper, but users should review its local Docker/SearxNG setup steps and avoid the stereotype-based persona example.

Install only if you trust the Homebrew tap, Docker image, and media dependencies. Before running the SearxNG bootstrap, check whether you already have a searxng container or custom config you care about. Stop the tmux/radio session when finished, and choose host personas based on genre or fictional traits rather than protected-characteristic stereotypes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent/user to forcibly remove a Docker container and create persistent local configuration under the user's home directory without an explicit warning or confirmation step. This changes local system state and can destroy an existing `searxng` container or overwrite expected service setup, which is unsafe for an agent skill operating on a user's machine.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill directs patching and overwriting `~/.openclaw/searxng/settings.yml`, then recreating the container with that mounted config, but does not clearly frame this as a persistent service configuration change. Even with a `.bak` backup, an agent could silently modify a long-lived local service and leave the system in a changed state the user did not intend.

Natural-Language Policy Violations

High
Confidence: 98%
Finding
The skill explicitly tells the agent to adopt a persona using stereotype-based examples tied to protected characteristics, such as sexual orientation and nationality. This is dangerous because it encourages discriminatory or harassing content generation and can cause the agent to produce policy-violating, offensive, or reputationally harmful output during normal use.

Ssd 1

Medium
Confidence: 93%
Finding
The role-play framing is not inherently unsafe, but here it is used to steer the model toward exaggerated stereotype-based identity performance. In context, the fictional radio-host setup increases the chance the agent will treat harmful caricature as part of the task, which can normalize unsafe outputs rather than constrain them.

VirusTotal

64/64 vendors flagged this skill as clean.
