Agent Usage Report

Security checks across malware telemetry and agentic risk

Overview

This skill is a plausible usage-report tool, but it can read and reproduce private OpenClaw session and memory data with weak scoping and broad triggers.

Install only if you intend the skill to inspect your local OpenClaw session history and memory files. Review the generated report carefully before saving or sharing it, and be aware that the documented --workspace option does not actually scope all reads in the current script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill explicitly instructs users to run a script that reads session logs and memory files and can write an output report, but the manifest does not declare corresponding permissions or present them transparently. This creates a consent and auditability gap: users may invoke a reporting skill without realizing it accesses potentially sensitive local conversation history and writes derived summaries to disk.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases include very generic terms such as '周报', '生成周报', and 'usage report', which can match ordinary user requests that do not imply consent to scan local logs and memory. Because this skill performs local data access, broad activation language increases the chance of unintended invocation and inadvertent exposure of sensitive historical data in the generated report.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The description says the skill automatically reads session logs and memory files, but it does not present this as a clear warning or consent-relevant notice to the user at invocation time. Since those sources may contain sensitive prompts, outputs, operational details, or personal information, the lack of upfront warning materially increases privacy risk and the chance of surprising data access.

VirusTotal

67/67 vendors flagged this skill as clean.
