ClawHub

OC Cost Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a local cost-reporting skill that reads OpenClaw conversation logs and writes a local report, with optional manual optimization commands documented for the user to review before running.

Install only if you are comfortable with a local script reading your OpenClaw conversation logs to calculate costs. The analyzer itself appears local and non-networked, but review any suggested cron, model-switching, fallback, Ollama, or file-cleanup commands before copying them because those manual commands can change local configuration or delete old memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill is presented as a passive cost-analysis/reporting tool, but the documentation embeds operational commands that change runtime behavior, such as adding cron jobs and switching models. This mismatch can mislead users or downstream systems into granting the skill more trust than warranted, increasing the chance that users execute state-changing commands under the assumption the skill is strictly read-only.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The security section explicitly claims the skill is read-only and does not execute operations, yet the same file includes commands to add cron jobs, change models, and delete files. False security assertions are dangerous because users, reviewers, or automated trust gates may rely on them and approve or run the skill in contexts where destructive or persistent changes are unacceptable.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal