Back to skill

Security audit

Compute during Off-Peak Hours for Complex Jobs

Security checks across malware telemetry and agentic risk

Overview

This skill is an off-peak task scheduler that clearly discloses powerful unattended execution, but its packaged script already contains active agent tasks that can post online, read local memory context, write files, and rerun nightly.

Review carefully before installing. Do not run the packaged off-peak-compute.sh as-is; remove the preloaded GitHub and blog tasks, use an empty task list, and prefer one-shot scheduling or a low-privilege environment with scoped credentials for any overnight work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • YARA SignaturesMalware Match, Webshell Match, Cryptominer Match
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill is presented as an off-peak compute utility, but in practice it schedules arbitrary `openclaw agent --message` tasks to run unattended with full user privileges and access to environment credentials. That mismatch is dangerous because users may grant it trust appropriate for batch compute while it actually enables general autonomous actions, external network use, file writes, and indefinite re-execution until tasks are manually removed.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script is designed to launch prewritten `openclaw agent` commands automatically at 2 AM via cron, with no approval gate at execution time. Because tasks are stored in an editable script and rerun until manually removed, any unauthorized or accidental modification can trigger autonomous external actions overnight, increasing the risk of unintended data disclosure, spammy outbound activity, or repeated side effects.

Session Persistence

Medium
Category
Rogue Agent
Content
chmod 700 ~/.openclaw/workspace/scripts/off-peak-compute.sh

# Add cron job (runs at 2 AM daily)
(crontab -l 2>/dev/null | grep -v "off-peak-compute"; echo "0 2 * * * \$HOME/.openclaw/workspace/scripts/off-peak-compute.sh") | crontab -

# Verify
crontab -l | grep off-peak
Confidence
99% confidence
Finding
crontab -l

YARA rule 'backdoor_persistence': Backdoor persistence with malicious payloads (shell commands, SSH key injection, hidden root users) [malware]

High
Category
YARA Match
Content
chmod 700 ~/.openclaw/workspace/scripts/off-peak-compute.sh

# Add cron job (runs at 2 AM daily)
(crontab -l 2>/dev/null | grep -v "off-peak-compute"; echo "0 2 * * * \$HOME/.openclaw/workspace/scripts/off-peak-compute.sh") | crontab -

# Verify
crontab -l | grep off-peak
Confidence
94% confidence
Finding
crontab -l 2>/dev/null | grep -v "off-peak-compute"; echo "0 2 * * * \$HOME/.openc

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.