Back to skill

Security audit

advanced-skill-creator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed skill-creation helper, but it overstates simulated research as completed research and uses broad automatic triggers without clear user control.

Install only if you want a draft helper for creating OpenClaw-style skills. Treat its research output as unverified, manually check any generated SKILL.md files and scripts before use, avoid giving it secrets or private repository content, and require confirmation before allowing external lookups or generated skill installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill instructs the agent to access external documentation, query public skill hubs, search GitHub/community sources, and references custom automation via Python/Bash, which implies network and shell-capable behavior. Because these capabilities are not explicitly constrained or permission-scoped in the skill contract, the agent may perform higher-risk actions than a user expects, increasing the chance of unsafe execution paths or abuse if the skill is triggered unexpectedly.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The function claims to consult official documentation but only returns hard-coded URLs and fabricated extracted information. In a security- or standards-sensitive workflow, this can mislead downstream users or agents into believing requirements were verified from authoritative sources when they were not, causing unsafe or noncompliant skill generation.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The code states it researches public skills but instead synthesizes results from fixed logic over input keywords. This creates false assurance that community-vetted patterns, dependencies, and security properties were evaluated, which may cause users or automated systems to trust unverified recommendations.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The function advertises a best-practices search but returns a static predefined object regardless of inputs or current guidance. Because security best practices evolve, presenting static canned guidance as live research can lead to stale or incomplete controls being treated as sufficient.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The overall skill is represented as an advanced processor that executes an official 5-step research flow with comprehensive analysis, but the implementation is entirely mock data and simulated steps. In this context, the deception is more dangerous because the skill is meant to guide creation or modification of other agent skills, so false research claims can propagate insecure designs, compliance failures, and misplaced trust across additional generated artifacts.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The usage text says the skill activates 'when triggered' and then performs broad research and generation actions, but it does not define clear trigger boundaries, scope limits, or required user confirmation. In an agent setting, vague invocation criteria can cause the skill to run in unintended contexts and initiate unnecessary external research or content generation beyond the user's precise request.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger condition matches very generic phrases such as '写skill' and '创建技能', causing the skill to activate for a broad range of ordinary requests. Over-broad activation can route unrelated conversations into a workflow that performs unnecessary external research, shell/network use, or imposes rigid output behavior, creating both security and reliability risk.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The body text repeats broad activation guidance without adding scope controls, reinforcing ambiguous routing behavior beyond the frontmatter trigger. Duplicated vague criteria can cause the orchestrator or downstream agents to over-apply the skill, making unsafe tool use and unintended behavior more likely in benign conversations.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list contains broad phrases such as '写skill', '创建技能', and '写一个让它...' that are likely to appear in ordinary user requests, which can cause the skill to activate outside narrowly intended scenarios. In a skill-creation handler that may drive research or code-generation workflows, over-triggering increases the chance of unintended execution, prompt hijacking opportunities, and confusing behavior across unrelated conversations.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
## Usage

When triggered, this skill automatically performs comprehensive research and generates properly structured skills that follow official standards and best practices.
Confidence
81% confidence
Finding
automatically perform

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.