agents efficient workflow

Security checks across malware telemetry and agentic risk

Overview

This skill openly creates local handoff notes for multi-agent work, which matches its stated purpose, but users should avoid putting secrets in those shared notes.

Install this if you want agents to coordinate through local handoff files. Review what gets written to ~/.openclaw/shared-handoffs/, avoid secrets or unnecessary private data, and delete old handoff files when they are no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Rogue AgentSelf-Modification, Session Persistence
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Session Persistence

Medium

Category: Rogue Agent
Content: ### 2. Persist the handoff locally before transfer | 交接前先把信息落到本地 Before asking another agent to continue, write a markdown handoff file in the shared handoff directory. 在让另一个 agent 接手前，先在共享交接目录写好 Markdown 交接文件。 Default shared directory / 默认共享目录：
Confidence: 95% confidence
Finding: write a markdown handoff file in the shared handoff directory. 在让另一个 agent 接手前，先在共享交接目录写好 Markdown 交接文件。 Default shared directory / 默认共享目录： - `~/.openclaw

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal