ClawForage Prompt Optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly aligned with transcript-based optimization, but it can read much more private conversation history than its daily/recent framing implies.

Review before installing. Use this only if you are comfortable with it reading your local OpenClaw conversation transcripts and SOUL.md. Prefer running it manually on a limited transcript folder until the maintainer adds real date filtering, clearer privacy disclosure, and redaction or truncation of raw message text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 91%
Finding:
This is a mismatch because the code only performs transcript extraction/summarization and report-section validation, while the description promises higher-level analysis that includes suggesting SOUL.md improvements and recommending skills. Those claimed outputs are not implemented here. Additionally, the code includes capabilities not mentioned in the description, such as tool-usage extraction, cost analysis, and markdown report validation. The 'daily' aspect is also not implemented in the shown code, though lack of trigger alone is less important than the substantive behavior mismatch.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The markdown instructs the skill to review the user's recent conversation transcripts and run an extraction script over the sessions directory, which is privacy-sensitive data access. Although later constraints mention privacy and read-only behavior, there is no upfront user-facing warning that the skill will read private transcripts and write a dated report file under memory/optimization.

Missing User Warnings

Medium
Confidence: 94%
Finding:
This shell script reads all provided JSONL transcript files, extracts user questions, repeated patterns, tool usage, and error text, then prints the results to stdout. Those transcripts may contain sensitive user or system data, but the file provides no warning in comments or user-facing output that it processes and exposes potentially sensitive conversation content.

VirusTotal

64/64 vendors flagged this skill as clean.
