
Security audit

TokenSaver (Korean)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed TokenSaver memory helper that sends user-chosen saved and searched context to an external API, with no hidden automation or destructive behavior found.

Install only if you intend to use TokenSaver as a remote memory service. Treat anything you save as data sent to a third party, verify the pip package and provider, use a dedicated API key, and avoid storing secrets, regulated data, or private business context unless the provider’s retention and deletion practices meet your needs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger phrases are broad enough to match ordinary user requests about memory retrieval, context storage, or prompt optimization, which can cause this skill to activate in situations where users did not intend to invoke an external memory service. In this skill's context, that increases the chance that sensitive prompts or project context are routed to a third-party tool unexpectedly.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs users to save and search content using an API-backed external service but does not warn that saved content is transmitted to a third party. Because the advertised use case is storing project context and memories, users may upload confidential business data, plans, or secrets without informed consent, creating a meaningful data exposure risk.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger list is broad and generic, covering common actions like token saving, context storage, memory search, and prompt optimization without any scope qualifiers. In an agent ecosystem, this can cause the skill to activate in unrelated conversations and intercept or influence requests involving memory or prompt handling, increasing the chance of unintended data access or behavior modification.

Natural-Language Policy Violations

Medium
Confidence: 82%
Finding
The description advertises a Korean-language context database as an inherent behavior without indicating any user opt-in or locale negotiation. This can steer interactions toward a fixed language/context mode unexpectedly, which may alter prompt routing or data selection in ways the user did not request, though the direct security impact from this metadata alone appears limited.

VirusTotal

65/65 vendors flagged this skill as clean.
