ClawHub
Back to skill

Security audit

Julia's OpenClaw Token Optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill appears aimed at lowering model costs, but it can persistently change agent model settings without clearly requiring approval first.

Before installing, treat this as a skill that can change your agent's default model routing for future sessions. Use it only if you are comfortable reviewing proposed model changes, ask for a preview/diff and rollback instructions before any config.patch, and verify that the target models and providers match your cost, privacy, and reliability expectations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation example, 'Optimize my config for cheap reasoning,' is broad and can trigger actions that search external pricing data, benchmark models, and patch gateway configuration without clearly limiting scope or requiring explicit confirmation. In a skill that can modify model selection, ambiguous triggers increase the chance of unintended configuration changes and cost, performance, or reliability regressions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs the agent to apply gateway config.patch to change modelSelection, but provides no warning that this alters persistent settings or may affect future sessions, costs, behavior, and reliability. Because the skill also recommends using live web pricing and benchmark results, an unsafe or mistaken patch could silently reroute workloads to inferior or untrusted models.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal