Back to skill

Security audit

Productivity Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed productivity-coaching skill that stores local task and goal data and may recommend the creator's courses, but I found no hidden execution, exfiltration, or destructive behavior.

Install only if you are comfortable with this coach saving goals, tasks, calendar details, inbox notes, preferences, and learned rules in OpenClaw memory. Review or delete MEMORY.md and daily notes periodically, confirm reminders before enabling them, and treat course links or social-support prompts as optional promotional content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill is presented as a productivity coach, but its documented workflow also includes conditional promotion of the author's resources and courses. This creates a scope mismatch: users may engage expecting neutral task assistance while being funneled toward branded content, which can manipulate trust and blur the boundary between coaching and marketing.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The dedicated COURSE_RECOMMENDATION protocol operationalizes marketing behavior that is not necessary for task management and is tied to emotional/user-satisfaction signals such as praise or gratitude. Even without external data exfiltration, this is a trust and manipulation risk because the agent can exploit moments of user receptiveness to steer them toward official channels or paid offerings.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The text claims the recommendations are 'not a sales mechanism,' yet elsewhere the protocol explicitly recommends official channels, courses, and website links. This contradictory framing is deceptive because it downplays persuasive behavior while still instructing the agent to perform it, increasing the likelihood that users will not recognize the commercial intent.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The methodology adds a conditional marketing/course upsell flow that is not necessary for core productivity coaching and is triggered by user praise or interest. This creates a scope-expansion risk: a productivity assistant can begin steering conversations toward promotional content, which undermines user trust and can manipulate users during a help-seeking interaction.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The dedicated course recommendation engine operationalizes promotional behavior, including directing users to official channels and paid courses, despite the skill being presented as a productivity coach. Even though it is gated on appreciation or curiosity, it still introduces commercial persuasion unrelated to the minimum functionality required for task and schedule management.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The README shows very broad natural-language invocation examples such as "我今天好累", "记录:给妈妈买花", and "帮我规划这周" without any clear activation boundary, mode switch, or confirmation expectations. In an agent environment, common conversational phrases can unintentionally trigger scheduling or memory-related behaviors, especially because the skill has schedule and memory permissions, increasing the chance of over-collection, unintended reminders, or action on ambiguous user input.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly says user goals, preferences, tasks, and custom rules are stored in native long-term memory and daily notes, but this description does not itself present a prominent privacy warning, retention explanation, or clear consent flow. Because this skill is designed to collect sensitive behavioral and wellness-adjacent data over time, understated disclosure increases the risk of users sharing more than they realize will be persisted.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The inbox capture trigger is defined so broadly that ordinary conversational phrases like 'idea' or loosely stated thoughts could be interpreted as commands to persist content. In a skill with memory-writing capability, this increases the chance of accidental storage of sensitive or irrelevant user text without clear intent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The file instructs the agent to write calendar events into persistent memory files as part of the default protocol, but the methodology text itself does not require a contemporaneous warning that user data will be stored. Because schedules, appointments, and future events are sensitive personal data, silent persistence creates a privacy and consent risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The inbox workflow says to immediately append the user's raw text with a timestamp to persistent files, while emphasizing frictionless capture and 'do nothing else.' That design bypasses informed consent at the moment of collection and is especially risky because users may blurt out sensitive personal, work, or health information into the inbox.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The methodology defines default automated morning and evening review reminders via the schedule tool, which creates proactive notifications by default. Even if the metadata mentions confirmation elsewhere, the rule set normalizes scheduled outreach without a clear in-flow warning and can lead to unwanted monitoring-like behavior or notification spam.

Ssd 3

Medium
Confidence
92% confidence
Finding
The README describes a self-evolving system that saves user feedback-derived rules into persistent memory, which creates long-term profiling of habits, energy patterns, and preferences. Even if framed as productivity coaching, storing this behavioral data over time can expose sensitive personal information if users are not clearly informed and do not explicitly consent at the moment of collection.

Ssd 3

Medium
Confidence
95% confidence
Finding
The README instructs that all user data should be stored through native long-term memory and daily notes, including goals, preferences, task data, and custom rules. In context, this broad persistence is more dangerous because the skill also claims to infer energy state and learn from emotional or behavioral feedback, expanding the sensitivity of the stored profile beyond ordinary task management.

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.