Knowledge

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a local knowledge-base helper, but its core runtime behavior is delegated to a missing local Python module, so users cannot verify what will handle their documents and queries from the package alone.

Install only if you can inspect and trust the missing openclaw_integration helper and the local service on 127.0.0.1:8001. Avoid uploading sensitive documents until you know where files are stored, how they can be deleted, and whether AnythingLLM or other providers receive queries or document content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 70% confidence
Finding: The help text tells users they can directly upload files into the knowledge base but provides no warning about retention, indexing, access scope, or sensitive-data handling. In a knowledge-base integration skill, this can lead users to submit confidential files under unsafe assumptions, creating a real privacy and data-governance risk even if the upload path is implemented elsewhere.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal