Context Optimizer Pro

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises, but it can carry private conversation history into new sessions automatically without clear redaction or confirmation controls.

Install only if you intentionally want prior-session context carried into new sessions. Prefer manual preview/split mode, inspect the generated continuation prompt before spawning another session, avoid using it in conversations containing secrets or confidential data, and add redaction plus strict cron limits before enabling automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • System Prompt Leakage: Direct Leakage, Indirect Extraction, Tool-Based Exfiltration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The code comments indicate that API keys and credentials should be masked, but the implementation simply extracts matching context snippets and returns them verbatim. If session history contains secrets, tokens, internal URLs, or error traces, this function can surface them into output JSON or continuation prompts, causing unintended disclosure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly analyzes conversation history, extracts key information including user preferences, and creates a continuation session, but it does not warn the user that this processing and carry-forward of potentially sensitive context will occur. That omission undermines informed consent and can lead to unexpected propagation of sensitive data across sessions, especially when automatic monitoring or cron-based execution is enabled.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The split workflow explicitly states it would extract conversation history, decisions, preferences, recent progress, and file paths, but it does not present a clear consent or warning step before doing so. In an agent/session-management context, this can unintentionally propagate sensitive prompts, private user data, or internal file references into a new session summary, increasing exposure and persistence of sensitive context.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The CLI prints extracted session-derived content directly to stdout, which may be captured by terminals, shell history, logs, CI systems, or other calling processes. Because the extracted data can include tasks, decisions, file paths, preferences, and contextual snippets from prior conversations, this creates a realistic data exposure channel.

Ssd 3

Medium
Confidence
95% confidence
Finding
The continuation prompt intentionally preserves and re-emits file paths, user preferences, URLs, and recent conversation content from session history. In an agent setting, this can propagate sensitive or attacker-injected content into future prompts, increasing both privacy leakage risk and prompt-injection persistence across sessions.

Direct Prompt Extraction

High
Category
System Prompt Leakage
Content
    prompt += "3. Preserving important context above\n"
    prompt += "4. Building on recent progress\n"
    
    return prompt


def analyze_session(status_json: Dict, messages: List[Dict]) -> Dict:
Confidence
88% confidence
Finding
return prompt

VirusTotal

66/66 vendors flagged this skill as clean.
