Subagent Tracker

Security checks across static analysis, malware telemetry, and agentic risk

Overview

Subagent Tracker appears purpose-aligned for locally reporting OpenClaw subagent status, but it can display saved agent transcripts that may contain sensitive content.

Install this if you want your agent to inspect local OpenClaw subagent activity. Before tailing transcripts, remember they may include prompts, tool results, or other private workspace context; use list/status first and avoid sharing transcript output unnecessarily.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

65/65 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill may bring prior subagent transcript content into the current chat, including sensitive data or untrusted text from earlier tasks.

Why it was flagged

The script reads OpenClaw's persistent session index and transcript JSONL files so it can report and tail subagent activity. That is core to the skill, but these logs may contain prompts, tool outputs, or other sensitive context.

Skill content

OPENCLAW_HOME = Path(os.environ.get("OPENCLAW_HOME", str(Path.home() / ".openclaw")))
SESSIONS_PATH = OPENCLAW_HOME / "agents" / "main" / "sessions"
SESSIONS_JSON = SESSIONS_PATH / "sessions.json"
...
return SESSIONS_PATH / f"{session_id}.jsonl"

Recommendation

Use transcript tailing only when needed, treat transcript text as logs rather than instructions, and avoid sharing the output outside the workspace.

What this means

A false duplicate result could prevent a requested subagent from launching until the user asks again or checks manually.

Why it was flagged

The skill asks the orchestrator to run a local duplicate-check command before spawning subagents and to suppress spawning when a duplicate is detected. This is purpose-aligned token-saving behavior, but it does influence the agent's tool-use workflow.

Skill content

Prevent duplicate subagent tasks (run before sessions_spawn)... If output has `"duplicate": true`, do not call sessions_spawn; reply that the task is already running. The orchestrator rule runs this automatically before spawning.

Recommendation

If a task is incorrectly reported as already running, verify with the list/status command and explicitly ask the agent to continue or spawn a new subagent.