Huo15 Cost Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a local AI API cost tracker whose scripts match the stated purpose, with some transparency and usability caveats around stored usage data and reset behavior.

Install only if you are comfortable storing local API usage metadata such as token counts, model names, timestamps, durations, and estimated costs. Review the stats file location under ~/.openclaw/workspace/memory/activity, fix the hardcoded /Users/jobzhao example/config path for your environment, and keep backups before using reset for records you may need later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 84%
Finding:
The skill clearly instructs users to run shell scripts that read and write local files, but the metadata does not declare any permissions. This creates a transparency and trust problem: users or hosting platforms may assume the skill is non-invasive when it actually persists and modifies local tracking data.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 88%
Finding:
The documented purpose is cost tracking, but the behavior includes resetting history, making backups, and managing alert thresholds beyond the narrow description. While these features may be legitimate, the mismatch reduces informed consent and can surprise users with destructive or persistent side effects.

Vague Triggers

Medium
Confidence: 80%
Finding:
The trigger list contains broad natural-language phrases such as asking how much was spent or requesting token statistics, which could be used in ordinary conversation and unintentionally invoke the skill. Unintended invocation can expose local usage data, alter tracking state, or cause confusing automation when the user did not mean to activate this skill.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The documentation advertises a reset command but does not warn that it may delete or irreversibly clear accumulated tracking history. In a cost/audit context, silent data clearing undermines accountability and can erase records needed for billing review, troubleshooting, or incident investigation.

VirusTotal

VirusTotal findings are pending for this skill version.
