Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
OpenClaw Cost Guard (Budgets + Token-Saving Playbook)
Security checks across malware telemetry and agentic risk
Overview
This is a local cost-reporting helper that reads OpenClaw/Clawdbot session logs and shows no hidden network, destructive, or persistence behavior.
Reasonable to install for local cost monitoring. Before sharing reports or wiring alerts, remember that output may reveal usage patterns, session IDs, and local file paths; keep alert secrets out of scripts and test budget checks in warn mode first.
SkillSpector
By NVIDIA
Vulnerability Patterns
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)
VirusTotal
64/64 vendors flagged this skill as clean.