Oraclaw Pathfind

Security checks across malware telemetry and agentic risk

Overview

This is a narrow pathfinding skill that requires an Oraclaw API key and paid external use, with no local executable code or hidden authority found.

Install only if you intend to use Oraclaw's external paid pathfinding service. Use a scoped API key if available, monitor usage and billing, and avoid including confidential project names, dependency structures, cost figures, or risk details unless you trust Oraclaw's data handling terms.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The manifest declares an ORACLAW_API_KEY requirement and the skill is clearly tied to a paid external service, but the user-facing description and usage guidance do not explicitly disclose that requests will involve an external provider or that credentials are required. This can mislead operators into invoking the skill without understanding data may be sent off-platform and billed, increasing the risk of unintended credential use, privacy exposure, or unexpected charges.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal