Back to skill

Security audit

Cost Optimizer

Security checks across malware telemetry and agentic risk

Overview

The skill appears aimed at cost optimization, but it can persist conversation-derived data and inspect historical/local usage settings without clear enough user control.

Review before installing. Use it only if you are comfortable with local analysis of usage history and configuration files. Avoid running context snapshot features on sensitive chats unless you can choose the path, review the contents, redact secrets, and keep the file out of source control. Confirm any configuration changes before applying them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Description-Behavior Mismatch

Low
Confidence
83% confidence
Finding
The skill includes persistent logging of routing decisions, compression activity, heartbeat behavior, and configuration changes to a file in the user's home directory. Even if intended for auditability, persistent logs can capture sensitive metadata about user activity, models used, file paths, and timing patterns without an explicit opt-in or retention policy.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README advertises automatic context compression and creation of a `.context-snapshot.md` file, but does not clearly warn that prior conversation content may be summarized and persisted to disk. In an agent tool, conversation history can contain secrets, proprietary code, credentials, or sensitive prompts, so silent summarization and file output creates a real privacy and data-retention risk.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The README states that `/cost-report` reads `~/.openclaw/usage-log.jsonl` from the user's home directory without a privacy notice or scope explanation. Usage logs may reveal prompt contents, file paths, model usage patterns, and project activity, so undocumented access to home-directory telemetry is a legitimate privacy concern even if intended for reporting.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The configuration generator is described as generating and applying optimized configuration, with backup behavior mentioned, but the README does not prominently warn that existing configuration files may be modified or overwritten. In a developer tooling context, silent config changes can disrupt workflows, alter model selection or budgets, and potentially weaken operational safeguards if users do not understand the write behavior.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs writing a compressed conversation snapshot to `.context-snapshot.md`, which persists prior dialogue, tool outputs, file summaries, and task state onto disk. This can unintentionally store secrets, proprietary code details, or personal data in the workspace without warning, increasing exposure to other tools, commits, or local users.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The heartbeat workflow reads configuration files from home-directory locations such as `~/.openclaw/config.json` and `~/.claude/settings.json` without explicitly warning the user that global settings will be inspected. Although this is relevant to configuration optimization, it still touches potentially sensitive user preferences and environment-specific settings without clear consent boundaries.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The cost-report feature reads historical usage logs from the user's home directory and analyzes session activity without an explicit warning that prior activity patterns will be processed. Even if used only for reporting, this may reveal sensitive behavioral data such as models used, timestamps, and task categories.

Ssd 3

Medium
Confidence
95% confidence
Finding
The context compression feature explicitly retains and persists summaries of prior user conversations, tool outputs, file contents, and code blocks. Because those materials can contain secrets, credentials, internal code, or personal data, consolidating them into a durable snapshot materially increases the risk of unintended disclosure through local access, later tooling, or source control.

Ssd 3

Medium
Confidence
89% confidence
Finding
The usage-report feature aggregates detailed session logs including timestamps, model usage, token counts, task types, and cost data across time. Without minimization, consent, or retention controls, this creates a broad historical activity profile that could expose sensitive work patterns and indirectly reveal prompt or project characteristics.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.