Poll competitive crawl triggers, aggregate the last 6 months of product, review, and QA data by category, produce structured analysis context and a report skeleton, upload outputs to OSS, then send a DingTalk summary. Use for database-driven scheduled competitor analysis in OpenClaw.

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed competitor-analysis reporting workflow that reads configured database tables, uploads generated reports to OSS, sends DingTalk summaries, and updates trigger status.

Install only with least-privilege credentials: read access to the analysis tables, update access only to the trigger consumption fields, a dedicated OSS bucket or prefix, and an approved DingTalk webhook. Generated reports and analysis_context.json may contain business-sensitive competitive data and are uploaded externally, so review the destination and sharing policy before scheduling it against production data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3 (Medium)

Category: MCP Least Privilege
Confidence: 95%
Finding:
The skill declares powerful capabilities via metadata requirements and documented behavior—environment secrets, file generation, network delivery to OSS and DingTalk—but does not expose an explicit permissions model. That creates a governance gap: operators and automated policy engines cannot accurately evaluate or constrain what the skill can access, increasing the chance of over-privileged deployment and unintended data exfiltration through uploads or webhook notifications.

Tp4 (High)

Category: MCP Tool Poisoning
Confidence: 91%
Finding:
The skill description materially understates behavior: it claims to produce analysis context and a report skeleton, but the documented/code behavior also performs full report generation, database state mutation, and schema validation, uploads artifacts, and records result URLs. This mismatch is dangerous because reviewers may approve or schedule the skill under incorrect assumptions, leading to unintended modification of production data and broader data dissemination than expected.

VirusTotal

65/65 vendors flagged this skill as clean.
