Back to skill

Security audit

Images Sender

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it can automatically send local images through Messages and has weak safety controls around confirmation, retained copies, and AppleScript input handling.

Install only if you are comfortable letting an agent send images through your Mac Messages account. Use explicit file paths and recipient numbers, avoid unusual characters in filenames or recipients until AppleScript escaping is fixed, and periodically clear ~/Pictures/openclaw-send if the images are sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
end tell
    '''
    
    result = subprocess.run(
        ['osascript', '-e', script],
        capture_output=True,
        text=True
Confidence
96% confidence
Finding
result = subprocess.run( ['osascript', '-e', script], capture_output=True, text=True )

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill advertises shell execution and file-writing behavior but declares no permissions, which undermines transparency and any permission-based safety controls. In this context, the skill copies arbitrary image files into a local directory and invokes a script to send them through Messages, so the missing declaration can cause users or orchestrators to authorize behavior they were not clearly informed about.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation condition is broad: a generic request to send an image causes the skill to act automatically, increasing the chance of unintended invocation. Because the skill can copy local files and send them to a phone number via iMessage, accidental triggering could disclose user data or send the wrong file without deliberate confirmation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The description omits an important warning that the skill will automatically copy files into ~/Pictures/openclaw-send/ and send them through Messages. That missing disclosure makes the behavior more dangerous because users may not realize local data is being duplicated and transmitted, impairing informed consent and safe use.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
### Send Image

When user requests to send an image, automatically send via iMessage to the phone.

### Manual Commands
Confidence
88% confidence
Finding
automatically send

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.