ClawHub

TrustLog Guard

Security checks across malware telemetry and agentic risk

Overview

This skill is a local cost-reporting helper that reads OpenClaw session logs and stores a small local budget file, with no evidence of network transfer, hidden execution, or destructive behavior.

Install only if you are comfortable with the skill reading local OpenClaw session logs to calculate spending; those logs may include more context than just cost fields. Using /budget set will create or update a local budgets.json file with your budget limits, which you can remove if you want to reset stored budget state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Session Persistence

Medium
Category
Rogue Agent
Content
}
```

If the file doesn't exist, create it. If it exists, update only the field being set.

**Checking budget status:**
User says: `/budget`
Confidence
92% confidence
Finding
create it. If it exists, update only the field being set. **Checking budget status:** User says: `/budget` Read current spend (same as /spend logic) and compare against saved budgets. **Output form

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal