AI Usage

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it needs access to local Claude credentials and OpenClaw session logs to report usage.

Install only if you are comfortable letting this skill read your local Claude Code credentials and OpenClaw session logs. Review the script before scheduling it, keep any cron or dashboard use under your control, and avoid sharing reports if provider, model, token, request, quota, or cost data is private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documents behavior that reads local files, invokes shell commands, accesses environment-controlled paths, and makes network requests, yet it declares no explicit permissions or trust boundaries. This creates a capability-transparency problem: an agent may execute the skill with broader access than the user expects, including credential files and session logs containing sensitive usage and cost data.

Credential Access

High
Category
Privilege Escalation
Content
## How It Works

- **Anthropic quota:** `GET https://api.anthropic.com/api/oauth/usage` using Claude Code's OAuth token from `~/.claude/.credentials.json` (requires `user:profile` scope)
- **Token auto-refresh:** If the token is expired, the script automatically refreshes it by invoking `claude --print -p "ok"` (Claude Code refreshes its own OAuth token on any invocation), then re-reads the updated credentials file. If Claude Code isn't installed, Anthropic quota is skipped gracefully.
- **Session stats:** Parses `~/.openclaw/agents/main/sessions/*.jsonl` for per-provider/model token and cost data
Confidence
95% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
| Variable | Default | Description |
|----------|---------|-------------|
| `OPENCLAW_SESSIONS_DIR` | `~/.openclaw/agents/main/sessions` | OpenClaw session log directory |
| `CLAUDE_CREDENTIALS_PATH` | `~/.claude/.credentials.json` | Claude Code credentials file |

## Tips
Confidence
88% confidence
Finding
credentials.json

VirusTotal

64/64 vendors flagged this skill as clean.
