ClawHub

Time Guru

Security checks across malware telemetry and agentic risk

Overview

Time Guru is a coherent local time-tracking skill, with disclosed local storage and export behavior, though users should be aware it stores work and billing history on disk.

Install only if you are comfortable with a local tool keeping detailed work logs, notes, project names, and billing data under ~/.openclaw/data/time-guru. Treat exports as sensitive files, choose export destinations carefully, and avoid putting confidential client details into activity descriptions unless local storage is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill explicitly states it stores data locally and maintains timer state, backups, and exports, which implies file read/write capability while no permissions are declared. Undeclared filesystem access weakens user consent and platform enforcement because the skill can persist and retrieve potentially sensitive work logs, billing details, and activity history without an explicit permission boundary.

Tp4

High
Category
MCP Tool Poisoning
Confidence
78% confidence
Finding
The skill description emphasizes time tracking and analytics, but the documented script set includes additional capabilities such as importing external sources, exporting tracked data, persistent timer state, goal tracking, and reminders. Capability expansion beyond the declared purpose increases the risk of unexpected data collection, persistence, and data movement, especially for a productivity tool that may handle sensitive work and billing information.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The exporter accepts a caller-supplied output_path and writes exported data directly to that location after creating parent directories, with no restriction to an application-owned export directory and no path validation. In an agent/skill context, this broader-than-necessary file write capability can be abused to overwrite arbitrary user-accessible files or place sensitive time-tracking data in unintended locations.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
This code persists potentially sensitive user activity data, notes, projects, and billing details to disk without any visible disclosure, consent checkpoint, or indication of where the file will be stored. In a productivity/time-tracking skill, exported records can contain private behavioral and work data, so silent persistence increases privacy risk and the chance of unintended data exposure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal