ClawHub

Brain Map Visualizer

Security checks across malware telemetry and agentic risk

Overview

This skill coherently builds a local activity graph from OpenClaw journal files, with privacy considerations but no evidence of hidden access, exfiltration, or destructive behavior.

Install only if you are comfortable creating a local graph of your agent's work history. Redact secrets and private chat/session details before bootstrapping journals, keep the generated JSON private, and configure real access control before exposing the dashboard or rebuild API beyond localhost.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The bootstrapping guidance tells users to convert session transcripts or conversation logs into journal files without warning that those sources may contain secrets, personal data, credentials, or sensitive internal context. That can cause durable local replication of sensitive data into markdown journals, expanding exposure to later indexing, display in the graph UI, API serving, backups, or accidental sharing.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script intentionally reads journal entries, extracts summaries and file-access metadata, and writes that derived activity data to a JSON file on disk. Even though this is the stated feature, it creates a real privacy/security risk because journals can contain sensitive operational context, and the output file may be stored, served, or exposed more broadly than the original notes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal