Model Usage Linux

Security checks across malware telemetry and agentic risk

Overview

This skill locally reads OpenClaw session logs to report token usage and cost, with no evidence of network exfiltration, persistence, or destructive behavior.

Install only if you are comfortable with a local helper parsing your OpenClaw session JSONL files to compute usage and cost. Treat both the logs and the generated report as potentially sensitive, and do not rely on the --session flag for scoped reporting unless the skill is updated to implement it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to read local session JSONL files under the user's home directory, which is a file-read capability. If the skill does not declare that permission, users and policy layers may not realize it accesses potentially sensitive usage history and metadata, creating a transparency and consent gap. In this context the behavior is expected for the skill's purpose, but the undeclared capability is still a real security issue.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The CLI advertises a --session selector, but the implementation ignores it and always processes every JSONL file in the sessions directory. In this skill's context, that can expose aggregate usage and billing metadata from unrelated sessions when a user expected scoped analysis of a single session, creating a privacy and least-surprise violation rather than code execution.

VirusTotal

64/64 vendors flagged this skill as clean.
