Cost Monitor

Security checks across malware telemetry and agentic risk

Overview

The skill’s cost-tracking purpose is coherent, but it automatically persists usage-derived balance data and can read a local DeepSeek API key for calibration without sufficiently prominent permission disclosure.

Install only if you want an always-on cost monitor that reads transcript usage metadata and keeps a local running balance file. Review the scripts before enabling DeepSeek calibration, because that path can read your OpenClaw DeepSeek API key and send it to DeepSeek’s balance endpoint. Keep the skill directory private and delete or reset balance.json if you do not want usage-derived state retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill advertises capabilities that imply writing files, invoking shell commands, and possibly fetching pricing or balance data, but the metadata only declares a Python binary requirement and no explicit permissions. This creates a trust and review gap: users may install a skill believing it is low-risk while it can persist data locally and potentially access the network or shell, increasing the chance of unintended side effects or abuse.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation says pricing and balance files are auto-updated and references persistent files like balance.json and pricing.json, but it does not clearly warn users that installation/use will write state to disk over time. For an always-on skill that runs after every reply, silent persistence is more sensitive because it continuously records usage/balance metadata and may surprise users or violate expectations about stateless behavior.

Missing User Warnings

Medium
Confidence: 84%
Finding
The guide states that the skill updates balance.json automatically after every reply but does not clearly warn users that it persistently writes usage-derived state to disk. In agent environments, silent persistent writes can create privacy, integrity, and operational risks, especially if users assume the skill is display-only or if the file location and permissions are not tightly controlled.

VirusTotal

VirusTotal findings are pending for this skill version.
