Back to plugin

Security audit

Fluent

Security checks across malware telemetry and agentic risk

Overview

Fluent is a disclosed OpenClaw plugin for connecting meals and style context through Fluent, with expected auth and MCP setup behavior.

Install only if you want OpenClaw connected to your Fluent account or self-hosted Fluent runtime. Review the requested meals/style read and write scopes plus offline access, and remember that the plugin will store Fluent auth tokens and update your OpenClaw MCP configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger description is broad enough to activate on many ordinary meal-related requests, which can cause the skill to engage outside a narrowly intended scope. Over-broad routing is dangerous because it may unnecessarily expose pantry, grocery, recipe, or preference context to a skill when a more general response would suffice, increasing the chance of unintended data use or incorrect tool invocation.

VirusTotal

64/64 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.