Back to skill

Security audit

OpenCLI Tool Integration

Security checks across malware telemetry and agentic risk

Overview

This is a broad OpenCLI bridge that appears purpose-aligned, but it gives agents access to logged-in browser sessions, desktop apps, downloads, and powerful local CLIs without enough scoping or consent guidance.

Install only if you trust OpenCLI, its browser extension, and any accounts or local tools it can reach. Use a separate Chrome profile and non-production GitHub, Docker, and Kubernetes contexts where possible, and require explicit approval before logged-in access, writes, deletes, publishing, downloads, desktop automation, or infrastructure-changing commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list includes broad generic terms such as “热门”, “平台数据”, and “社交媒体”, which can cause the skill to activate in contexts far beyond the user's intent. Because this skill can access logged-in browser sessions, control desktop apps, and invoke external CLIs, accidental activation materially increases the chance of unintended data access or side effects.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill advertises the ability to write to Notion, send messages via ChatGPT/Discord, download content, reuse Chrome login state, and pass commands to tools like gh, docker, and kubectl, but it does not present a clear user-facing risk notice or consent model for these sensitive operations. In this context, the combination of authenticated browser access, local app automation, and external CLI execution makes omissions in warning and authorization especially dangerous, because users may not realize the skill can affect local systems and third-party accounts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.