Kimiim

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Kimi group-chat helper skill, with expected but sensitive access to group messages, members, files, and local workspace memory.

Install this only if you want an agent to operate in Kimi group-chat contexts. Treat group messages, member lists, attachments, and the local memory.md file as potentially sensitive, and review or clear the .openclaw workspace memory when needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 91%
Finding
The manifest description contains mandatory and expansive activation language such as 'MUST use this skill' for any Kimi Group Chat, sessions, messages, threads, files, attachments, or multi-agent collaboration. This can cause the orchestrator to invoke the skill in overly broad contexts, increasing the chance that untrusted chat content, files, or collaboration workflows are routed through a high-privilege messaging/file-handling skill unnecessarily.

VirusTotal

64/64 vendors flagged this skill as clean.
