Back to skill

Security audit

Mrc Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: monitor MRC canteen tokens and notify the current channel when orders are ready.

Install only if you want a background monitor that polls the MRC Firebase order database every 15 seconds and posts readiness updates to your current channel. Use explicit commands such as 'mrc 73' or 'token 97', avoid messages with unrelated numbers, and remember that local logs may contain token numbers and channel identifiers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill explicitly instructs the agent to launch a Python script and access Firebase, which implies shell execution and network access, but no permissions are declared. This creates a governance and sandboxing gap: the agent may run capabilities the user or platform has not explicitly authorized, increasing the risk of unintended command execution or external data access.

Context-Inappropriate Capability

Medium
Confidence
81% confidence
Finding
The skill uses an external CLI to send outbound messages, which expands its effective capabilities beyond simple monitoring and creates a hidden execution dependency on whatever 'openclaw' resolves to in the runtime environment. If that binary is replaced, shimmed, or behaves unexpectedly, the skill could send messages to unintended recipients or execute unreviewed functionality outside the manifest's stated scope.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The instruction to activate on any command containing canteen tokens is overly broad and can cause the skill to trigger on unrelated messages that merely include numbers. Because activation launches a background monitor process, false positives can lead to unintended monitoring, unnecessary external queries, and repeated notifications without clear user intent.

Vague Triggers

Low
Confidence
88% confidence
Finding
Using a generic verb like 'monitor' as a trigger increases the chance of accidental invocation during ordinary conversation. In this skill, accidental activation is less severe than code injection, but it still can start background polling and external communication the user did not explicitly request.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.