ClawHub

Session History

Security checks across malware telemetry and agentic risk

Overview

This skill appears designed to search past OpenClaw session history, but it can expose sensitive conversation transcripts too broadly without strong consent or redaction controls.

Install only if you are comfortable letting the agent search and display past OpenClaw conversations across sessions. Prefer using it only after explicit requests to look up prior chats, avoid running it in shared or logged terminals, and review results for secrets or private content before reusing or sharing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The activation guidance is broad enough to trigger on common user phrases like recalling prior work, remembering something discussed before, or continuing a past thread. That can cause the skill to access and search cross-session transcripts when the user did not explicitly consent, increasing the chance of unnecessary exposure of stored conversation data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs searching stored JSONL session transcripts containing both user and assistant messages, but does not prominently warn that this may surface sensitive historical content across sessions. In a context explicitly designed to browse all past conversations, missing disclosure and consent language materially increases privacy risk and makes accidental over-collection more dangerous.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script prints session previews, excerpts, matched terms, and file paths directly to stdout, which can expose sensitive conversation history to whoever invoked the tool or to logs capturing terminal output. In this skill's context, the data source is past conversations across all sessions, so accidental disclosure is more dangerous than in a generic text-search utility because those transcripts may contain credentials, personal data, or confidential work context.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal