Personal Insight Engine

Security checks across malware telemetry and agentic risk

Overview

This skill reads recent OpenClaw memory logs, redacts common sensitive patterns, sends the text to Gemini or Zhipu for analysis, and prints a strategic review as described.

Install only if you are comfortable sending recent OpenClaw memory logs to Gemini or Zhipu after best-effort redaction. Review sensitive logs first, keep the --days window small, use a dedicated provider API key, and do not rely on the redaction claims to remove every secret or private detail.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares no explicit permissions while its metadata and described operation require environment access, file reads, and outbound network use. That mismatch weakens user consent and platform enforcement, especially because it processes local session logs and sends derived content to third-party LLM providers.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill presents itself as a local insight tool over memory/*.md, but the documented behavior includes loading credentials, reading via a broader workspace path, and transmitting log-derived content to remote Gemini or Zhipu APIs. This is a significant trust-boundary violation because users may reasonably expect local-only analysis while sensitive session history is exfiltrated to external services.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
This is a real data exfiltration risk: the skill’s stated purpose is scanning local session logs, but it sends the aggregated log contents to external Gemini or Zhipu APIs for processing. Even with partial redaction, session logs can still contain sensitive business context, secrets that evade regexes, personal data, or internal prompts, so transmitting them off-device materially changes the trust boundary.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code transmits session logs to third-party AI providers without any user-facing notice, consent flow, or in-band disclosure at the point of use. In a tool that processes local memory/session logs, that omission is dangerous because users may reasonably assume analysis stays local, causing inadvertent disclosure of sensitive or regulated information.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This code aggregates content from local memory/*.md session logs and sends the combined text to an external LLM via analyzer.get_insights(full_text), but it only emits generic progress messages and does not provide explicit consent, redaction, or data sensitivity checks. Because session logs may contain secrets, personal data, or internal context, this creates a real confidentiality risk through unintended third-party disclosure.

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx
python-dotenv
Confidence
98% confidence
Finding
httpx

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx
python-dotenv
Confidence
97% confidence
Finding
python-dotenv

Known Vulnerable Dependency: httpx — 2 advisory(ies): CVE-2021-41945 (Improper Input Validation in httpx); CVE-2021-41945 (Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `http)

Critical
Category
Supply Chain
Confidence
93% confidence
Finding
httpx

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
75% confidence
Finding
python-dotenv

VirusTotal

64/64 vendors flagged this skill as clean.
