Security audit

Insight Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local insight notebook for OpenClaw sessions, with no evidence of hidden network access, credential use, destructive behavior, or purpose-mismatched actions.

Install this only if you want an agent to keep a local, searchable record of insights from your work. Be deliberate with requests like "remember" or "note this down," and avoid saving passwords, tokens, confidential business data, or sensitive personal details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 80%
Finding
The 'When to Use' section includes broad triggers like when a user asks to 'track' or 'record' something, which can cause over-invocation and unintended persistence of sensitive conversation content. In a memory-style skill, ambiguous activation boundaries increase the chance that private, speculative, or unnecessary data gets stored without sufficiently explicit user intent.

Vague Triggers

Low
Confidence: 77%
Finding
The trigger examples use common conversational phrases such as 'note down' and 'track this insight' without precise activation safeguards. That can normalize automatic storage behavior and lead the agent to retain information too aggressively, creating privacy and data-minimization risks over time.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.