AI Customer Service Scripts Generator

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward AI customer-service reply generator, with the main caveat that customer messages are sent to an external API and generated replies should be reviewed.

Install only if you trust the openclaw package and the OpenClaw API account you configure. Do not submit sensitive customer data unless your organization permits sending it to that provider, and review generated replies before using them with customers.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Ssd 1

Medium

Confidence: 98% confidence
Finding: Untrusted customer input is interpolated directly into the LLM prompt as plain instruction-bearing text, so a customer can embed adversarial content such as role overrides, refusal-bypass text, or hidden instructions. In this skill, that can cause the model to ignore the intended customer-service format and produce manipulated, policy-violating, or misleading outputs, which is especially risky because the tool is explicitly generating business-facing replies.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal