OpenClaw Cost Optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed OpenClaw/OpenRouter configuration helper that adds model aliases and keeps a local savings log, with no artifact evidence of exfiltration or hidden destructive behavior.

Install only if you are comfortable letting the agent add or remove OpenClaw model aliases, restart the OpenClaw gateway, use your OpenRouter account, and keep a local savings log under ~/.openclaw. Review each approval prompt instead of clicking through automatically, and reset or delete the tracker if you do not want task history retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The skill advertises 'zero config risk' and says it 'only adds aliases, never changes your default,' but its documented behavior also restarts the gateway, invokes auth setup, writes and resets a persistent tracker file, and supports alias removal. This mismatch can mislead users about the scope of side effects and reduce informed consent for privileged operations.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill defines multiple broad natural-language activation phrases such as "advisor off," "how much have I saved?", "estimate my monthly costs", and "mix and match" that could plausibly appear in ordinary conversation. If the host agent treats these as executable triggers rather than quoted/help text, users or external content could unintentionally invoke state-changing actions like switching presets, adding/removing models, or resetting the savings tracker.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The first-run trigger is overly broad, activating on generic topics like costs, saving money, models, setup, or even 'what can you do.' In practice this can cause the agent to initiate privileged exec-driven setup flows in ordinary conversations, increasing the chance of unintended command execution and consent fatigue.

Ssd 3

Medium

Confidence: 97% confidence
Finding: The cost tracker persists user task descriptions from chat into a local file, creating a durable record of potentially sensitive prompts, code topics, business context, or security work. Because the logging is automatic and tied to normal use, it can silently retain data beyond user expectations and expand the privacy impact of the skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal