Huo15 Openclaw Simplify

Security checks across malware telemetry and agentic risk

Overview

This appears to be a code cleanup/refactoring helper with broad trigger wording, but there is no artifact-backed evidence of hidden or unrelated unsafe behavior.

Install only if you want an assistant to inspect and modify code for cleanup or refactoring. Use explicit requests, review proposed diffs before accepting edits, and avoid invoking it with casual ambiguous phrases if you do not want code changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill metadata includes broad aliases and trigger phrases such as '简化代码', 'code cleanup', and similar generic requests that are common in normal conversation. This can cause unintended activation in contexts where the user did not explicitly intend to invoke this skill, leading the agent to perform repository inspection and code modification workflows unexpectedly.

Vague Triggers

Medium
Confidence: 94%
Finding
The activation examples use ambiguous everyday phrases like '简化一下' and '重构一下' without disambiguation rules or confirmation requirements. In this skill's context, accidental invocation is more dangerous because the documented workflow proceeds from scanning recent changes to proposing and then performing edits, which could alter code when the user only meant to ask a casual question.

VirusTotal

63/63 vendors flagged this skill as clean.
