Forex Skill

Security checks across malware telemetry and agentic risk

Overview

This looks like a Forex analysis skill bundled with a live OpenClaw user environment, including credentials, tokens, browser state, cron jobs, and persistent-agent instructions that are not needed for the advertised purpose.

Do not install this version as-is unless you intentionally want to import the publisher’s OpenClaw runtime state. The publisher should republish a minimal skill package with only the Forex instructions/code and no personal workspace files, browser profile, cron jobs, device keys, Telegram/OpenRouter/Google tokens, or paired-device/operator credentials. Any exposed credentials in this artifact should be rotated or revoked.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Natural-Language Policy Violations

High

Confidence: 99% confidence
Finding: This file contains a plaintext private key directly embedded in the skill artifact. Anyone who can read the repository, package, logs, or deployed filesystem can extract the key and impersonate the device, decrypt/sign traffic as that identity, or pivot into systems that trust this credential.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The file instructs the agent to delete `BOOTSTRAP.md` after reading it, but provides no safety check, confirmation step, or retention guidance. This is dangerous because bootstrap files may contain provenance, setup details, or audit-relevant instructions, and deleting them automatically can destroy evidence or important configuration without user awareness.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The instruction to 'be proactive' and 'don't ask user' creates ambiguous autonomy boundaries for the agent. In a skill context, this can cause the agent to initiate environment-changing actions without explicit consent or clear policy checks, increasing the risk of unintended side effects.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The memory instructs the agent to automatically start a browser service in the background without notifying the user. Automatically launching processes can alter system state, consume resources, and potentially expose browser/session surfaces without the user's awareness.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The file explicitly tells the agent to treat these files as persistent memory and to read and update them each session, but it does not require clear user consent, change disclosure beyond this specific file, or safeguards around what may be written. In an agent context, this can lead to silent modification of user-controlled data, persistence of incorrect or sensitive information, and unexpected behavior across sessions.

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: - Nothing new since last check - You just checked <30 minutes ago **Proactive work you can do without asking:** - Read and organize memory files - Check on projects (git status, etc.)
Confidence: 82% confidence
Finding: without asking

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal