Dalong Session Logs

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only helper for searching a user's own OpenClaw session logs, with a real privacy risk because those logs may contain sensitive prior conversations.

Install only if you are comfortable letting the agent search local OpenClaw session transcripts. Use specific dates, session IDs, and keywords where possible, and avoid revealing unrelated results because old transcripts may contain secrets, personal information, or private context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly enables searching the agent's complete historical session logs, which may contain sensitive user data, credentials, secrets, or prior private context, but it provides no safety gating, minimization guidance, or warning about exposing that data. Because it is designed to retrieve prior conversations on demand, an attacker or confused user could induce disclosure of unrelated historical content beyond the current conversation's intended scope.

Ssd 3

Medium
Confidence: 96%
Finding
The skill instructs the agent to search complete prior conversation logs, including user messages, whenever a user asks about earlier chats or historical context. In context, this materially increases the chance of unauthorized cross-session data access and prompt-induced exfiltration, because the skill normalizes broad retrieval of raw transcripts rather than applying any boundary checks or least-privilege handling.

VirusTotal

64/64 vendors flagged this skill as clean.
