OpenClaw AgentForge Compare

Security checks across malware telemetry and agentic risk

Overview

This is a coherent hosted MCP skill for comparing AI coding tools, with no local code, persistence, credential access, or destructive behavior shown.

Install only if you are comfortable sending AI-tool comparison and recommendation prompts to this hosted MCP provider. Avoid sharing confidential procurement plans, sensitive budgets, or proprietary workflow details unless you trust the operator and their privacy claims.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 82%
Finding
Broad trigger phrases like 'which AI coding tool' or 'best AI assistant' can cause the skill to activate on loosely related user requests, routing conversations to this external comparison service without sufficiently specific user intent. In an agent environment, overbroad activation increases the chance of unnecessary tool invocation, data exposure in prompts, and degraded trust in tool-selection behavior.

Vague Triggers

Medium
Confidence: 86%
Finding
Recommendation triggers such as 'recommend an AI tool for' and 'best tool for startups' lack clear boundaries and can match broad advisory requests outside the intended scope. This can lead an orchestrating agent to invoke the skill prematurely, before confirming the request is about AI coding tools and before gathering the minimum context needed for a safe, relevant recommendation.

VirusTotal

63/63 vendors flagged this skill as clean.
