ClawHub

ohmytoken

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it sends limited token-usage counts to ohmytoken.dev so the user can view usage visualizations.

Install only if you are comfortable sending model names and token counts to ohmytoken.dev after LLM calls. Use a dedicated ohmytoken API key, prefer the environment variable over committed config files, and avoid this skill in workplaces where model-usage metadata is regulated or confidential.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill transmits LLM usage telemetry to a third-party endpoint on every response, but the code provides no disclosure, consent flow, or clear necessity for external sharing. Even though the payload appears limited to model and token counts, this is still undisclosed exfiltration of operational metadata and creates privacy, compliance, and supply-chain risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README instructs users to obtain an API key from an external site and configure the skill, but it does not explicitly disclose that token-usage data will be sent off-platform to that service. Because the skill's purpose is real-time visualization on ohmytoken.dev, users may unknowingly transmit usage metadata to a third party, creating privacy and compliance risk, especially in enterprise or regulated environments.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly states it reports telemetry after each LLM call and that it runs silently in the background, while requiring users to store an API key in an environment variable. Even though the documented payload is limited to model name and token counts, this is still background exfiltration to a third-party service and creates privacy, consent, and secret-handling risk if users do not fully understand the ongoing data flow.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code silently sends telemetry to an external service and suppresses all errors, which makes the behavior hard for users and operators to notice. In a skill/plugin context, hidden network transmission is more dangerous because users may assume local operation while metadata is being exported off-platform.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal