Openclaw Talk Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent conversation-analysis skill, but users should treat cloud AI analysis as a privacy boundary for sensitive transcripts.

Install only if you are comfortable sending selected conversation transcripts to the configured AI provider when using Claude or OpenAI. Redact sensitive personal, customer, employee, legal, medical, financial, or confidential business information unless you have permission and appropriate provider terms; prefer a local LLM mode for sensitive conversations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The README promotes analysis of business conversations using cloud AI providers but does not prominently warn users that transcript contents may be transmitted to third-party APIs. Because conversation data can contain confidential business, customer, employee, or regulated information, this omission can lead to accidental privacy or compliance exposure during normal use.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly advertises use of external AI engines such as Claude and OpenAI, but it does not warn users that uploaded transcripts may be transmitted to third-party providers. Because transcripts can contain sensitive business, customer, employee, or regulated data, this omission can lead to unintended data disclosure and compliance violations.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal