Trunkate AI

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned, but needs review because its hook can send filtered agent history to Trunkate and automatically replace local session history.

Install only if you are comfortable with filtered OpenClaw history being processed by Trunkate and with automated hooks replacing session history when thresholds are met. Use PRIVATE and KEEP tags for sensitive content, keep the API key scoped and revocable, verify TRUNKATE_API_URL, and avoid enabling the hook for highly confidential or regulated work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence: 79%
Finding
A pre-request hook automatically spawns another program on every request and forwards selected environment variables into it, creating an execution and data-exposure boundary that is broader than necessary for a context-optimization feature. In agent-hook contexts, automatic background execution is more dangerous because it runs frequently and often with access to sensitive runtime state.

Context-Inappropriate Capability

Medium
Confidence: 83%
Finding
The spec grants or depends on Firestore and Redis access for API keys, rate-limit handling, and failure logic, but that infrastructure access is not necessary for a context-optimization skill as described. Expanding the trust boundary to additional backend systems increases attack surface and raises the risk of secret exposure, privilege creep, or unintended data access if the integration is implemented broadly.

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger guidance includes broad subjective signals like internal cognitive-load indicators, which can cause the skill to be invoked automatically in many situations without clear user intent. In this skill's context, automatic invocation is more dangerous because activation may lead to history pruning and remote transmission of conversation data.

Missing User Warnings

Medium
Confidence: 97%
Finding
The markdown states that enabling the PreRequest hook will automatically transmit OpenClaw session history to a remote API, but this privacy impact is not presented as a prominent warning or explicit consent gate. Because the hook is recommended as the primary method and runs before every LLM call, users may unintentionally expose sensitive conversation history at scale.

Missing User Warnings

Medium
Confidence: 96%
Finding
The documentation instructs users to register an automatic PreRequest hook that can send conversation history or large text blocks to an external Trunkate API for optimization, but it does not clearly warn that agent context may leave the local environment. Because this trigger is proactive and threshold-based, data transmission may occur implicitly during normal use, increasing the risk of unintentional disclosure of sensitive prompts, code, secrets, or internal project data.

Missing User Warnings

Medium
Confidence: 96%
Finding
The spec explicitly sends the full prompt or history text to an external API, which may include sensitive user data, credentials, internal instructions, or proprietary context. Because there is no user warning, consent flow, redaction requirement, or data-classification guardrail, the integration creates a significant privacy and data-exfiltration risk in normal operation.

Missing User Warnings

Medium
Confidence: 95%
Finding
This code sends conversation history to an external optimization service via optimize_prompt(), but there is no user-facing notice, consent, or policy gate in this file before transmission. Although the code attempts local redaction, the filtering is heuristic and incomplete, so sensitive prompts, personal data, or secrets may still be disclosed to a third party.

Missing User Warnings

Medium
Confidence: 82%
Finding
This skill transmits the full prompt text to a third-party remote API for optimization, but the code itself provides no explicit runtime disclosure, consent check, or data classification guard before sending potentially sensitive context. In an agent skill whose purpose is to process context history, this raises meaningful privacy and data-handling risk because users may not realize conversation contents are leaving the local environment.

VirusTotal

65 of 65 vendors reported this skill as clean.