Security audit

Session Logs (YiHui)

Security checks across malware telemetry and agentic risk

Overview

This skill transparently helps search local OpenClaw session logs, which is sensitive but matches its stated purpose.

Install only if you are comfortable with the agent inspecting local OpenClaw session logs. Use narrow searches when possible, avoid displaying secrets or unrelated private history, and review any excerpts before sharing them elsewhere.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly instructs the agent to search complete historical session logs, which can expose prior conversation content, metadata, and potentially sensitive information from older chats. In context this is the core feature of the skill, but it lacks guardrails, warnings, minimization guidance, or access-control checks, making accidental privacy leakage more likely when users ask about prior conversations.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal