Security audit

Task Watchdog

Security checks across malware telemetry and agentic risk

Overview

This plugin’s watchdog purpose is understandable, but it auto-starts and points to runtime code that was not included in the reviewed artifacts.

Install only if you trust the publisher and can verify the actual npm package contents, especially ./dist/index.mjs. Be comfortable with startup activation, periodic watchdog checks, and automatic session notifications before enabling it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Natural-Language Policy Violations

Low
Confidence: 86%
Finding: This file includes both English and Chinese documentation, which indicates language choice rather than a forced locale. Under the stated policy, this is not a violation because the skill does not require users to use a single language without opt-in.

Vague Triggers

Low
Confidence: 79%
Finding: This manifest file contains a natural-language description of the plugin's behavior, but it does not specify the exact conditions or scope under which the watchdog activates beyond general phrases like subagent failure and abnormal exit. In a manifest context, the lack of explicit trigger boundaries or exclusion cases can make invocation behavior ambiguous.

Unpinned Dependencies

Low
Category: Supply Chain
Content:
}
  },
  "devDependencies": {
    "typescript": "^5.7.0",
    "openclaw": "2026.5.7"
  }
}
Confidence: 40%
Finding: "typescript": "^5.7.0"

Known Vulnerable Dependency: openclaw==2026.3.22 — 10 advisory(ies): CVE-2026-41913 (OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret r); CVE-2026-43526 (OpenClaw: QQBot reply media URL handling could trigger SSRF and re-upload fetche); CVE-2026-43530 (OpenClaw: busybox and toybox applet execution weakened exec approval binding) +7 more

High
Category: Supply Chain
Confidence: 80%
Finding: openclaw==2026.3.22

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.