Security audit

Huo15 Openclaw Multi Agent

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a disclosed multi-agent orchestration guide, but its broad activation language could cause agent spawning without clear user intent.

Install only if you intentionally want multi-agent orchestration. Before using it, review and narrow the activation phrases, require explicit confirmation before spawning workers, and monitor any subagent tasks for cost, data sharing, and completion behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The error-handling example shows `await sessions_spawn(...)` inside a try/catch even though the document repeatedly states that `sessions_spawn` is non-blocking and results are delivered asynchronously via announce plus `sessions_yield`. This inconsistency can cause implementers to build incorrect orchestration logic, potentially leading to hung workflows, missed child results, unsafe polling workarounds, or broken control flow in automation.

Vague Triggers

Medium
Confidence: 84%
Finding
Aliases such as `多智能体`, `multi agent`, and `sessions_spawn` are broad enough to match ordinary discussion or unrelated requests, which can cause the skill to activate outside the user's intent. In a multi-agent orchestration skill, accidental activation is more dangerous than usual because it can fan out tasks, consume additional tools/resources, and expand the operational surface unexpectedly.

Vague Triggers

Medium
Confidence: 86%
Finding
The activation example `帮我同时处理...` is common conversational language and can overlap with many everyday requests that do not imply consent to spawn multiple agents. Because this skill can initiate parallel workers and aggregate their outputs, ambiguous activation increases the risk of unintentional tool use, excess cost, and broader data exposure across subagents.

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The script’s user-facing content is entirely in Chinese and presents the workflow as if that language choice is mandatory, without offering any language selection or fallback. This can exclude or confuse users who do not understand Chinese, increasing the risk of misoperation or inability to review what the skill is doing, though it does not directly enable code execution or privilege abuse.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.