Token省钱管家

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local token-cost control skill with the expected caching, monitoring, model-routing, and local control-state behavior.

Install this only if you want a local cost-control helper that keeps plaintext cache and cost-control files. Avoid caching sensitive prompts or responses on shared machines, review .openclaw/data periodically, and use disable or budget controls deliberately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding: The code spawns a shell to run `ollama list`, which introduces unnecessary subprocess execution and shell parsing for a routing feature. Even though the command string is static and not directly user-controlled, invoking the host shell expands the skill's privileges to local system inspection and can expose environment details or create unexpected execution risk in sensitive runtimes.

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding: Host-level local model discovery goes beyond pure cost calculation and routing logic by probing the execution environment for installed software. In the context of an agent skill, this broadens the attack surface and may violate least-privilege expectations because the skill can inspect local host capabilities without explicit user consent.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding: The activation description is overly broad and can cause the skill to trigger on many ordinary discussions about costs, monitoring, routing, or optimization. In an agent environment, over-broad activation can inappropriately steer user conversations into this skill's workflow, creating unnecessary control over budgeting or operational decisions and increasing the chance of unintended actions or misleading recommendations.

Natural-Language Policy Violations

Severity: Medium
Confidence: 86%
Finding: The skill content presents itself entirely in Chinese without indicating that the language should follow the user's preference. This can create consent and comprehension issues: users may not understand activation behavior, commands, or operational implications, which is especially risky for a skill that can disable functions, set budgets, or pause plans.

VirusTotal

63 of 63 vendors reported this skill as clean.
