ClawHub

Experiment Notes

Security checks across malware telemetry and agentic risk

Overview

This skill is a local experiment-notes tool that stores user- or agent-provided notes on disk, with no evidence of network exfiltration or hidden execution.

Install only if you want a local persistent memory of experiment history. Do not log passwords, tokens, private keys, session cookies, proprietary prompts, or full error traces containing sensitive data; periodically review or delete the files under ~/.openclaw/memory/experiments if the notes are no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs agents to persist commands, errors, fixes, and lessons to local JSONL files, and those fields commonly contain secrets, internal hostnames, access tokens, credentials in CLI arguments, stack traces, or sensitive operational context. Because the documentation encourages routine logging without redaction guidance, it creates a realistic confidentiality risk through long-lived local retention of sensitive data.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script persistently stores potentially sensitive experiment data, including task descriptions, commands, errors, fixes, and lessons, under the user's home directory without any explicit warning, consent, or visibility at the time of logging. In an agent-skill context, those fields can easily contain secrets, internal paths, proprietary prompts, tokens, or operational history, so silent persistence increases the chance of unintended disclosure through local compromise, backups, multi-user access, or later exfiltration by other tools.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal