Token Stats

Security checks across malware telemetry and agentic risk

Overview

This is a local token-usage viewer whose file access and setup actions are mostly disclosed and aligned with its purpose.

Install only if you are comfortable with a local tool reading AI-agent usage stores such as Claude, Codex, Hermes, and OpenClaw logs/databases. Review the setup step because it modifies your PATH and creates a local command wrapper; use update or uninstall only when you explicitly intend those changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
"c.close();print(json.dumps({'rows':rows,'sc':sc},default=str))"
    ) % (linux_path, where, where)
    try:
        r = subprocess.run(
            ["wsl.exe", "-d", distro, "--", "python3", "-c", script],
            stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, timeout=15,
        )
Confidence
89% confidence
Finding
r = subprocess.run( ["wsl.exe", "-d", distro, "--", "python3", "-c", script], stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, timeout=15, )

subprocess module call

Medium
Category
Dangerous Code Execution
Content
"c.close();print(json.dumps({'rows':rows,'sc':sc},default=str))"
    ) % (linux_path, where, where)
    try:
        r = subprocess.run(
            ["wsl.exe", "-d", distro, "--", "python3", "-c", script],
            stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, timeout=15,
        )
Confidence
88% confidence
Finding
r = subprocess.run( ["wsl.exe", "-d", distro, "--", "python3", "-c", script], stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, timeout=15, )

Tp4

High
Category
MCP Tool Poisoning
Confidence
79% confidence
Finding
The description promises a simple interactive token viewer for four agents, but the detected behavior suggests substantially broader functionality including extra backends, filesystem/database scanning, exports, setup/update/uninstall actions, PATH modification, and persistent configuration. This mismatch is dangerous because users may grant trust based on a narrow description while the skill actually performs broader system interactions that increase privacy and integrity risk.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The skill is presented as a token-usage viewer, but it also modifies PATH, creates wrappers, deletes files during uninstall, and performs self-update/force-install operations. These capabilities materially exceed the stated purpose and create supply-chain and persistence risk because a stats tool should not need to alter execution environment or install/update itself.

VirusTotal

VirusTotal findings are pending for this skill version.
