ClawHub

LLM Cost Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a coherent API cost-tracking skill that uses local files and provider API keys in ways that fit its stated purpose.

Install this only if you want an agent helper that can read LLM provider API keys from your environment, query usage data, and store budget or usage summaries under ~/.openclaw. Review before enabling any future external alert channels, since billing and usage metadata could be shared with those services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation instructs use of a script that appears to require environment variables, local config reads/writes, and outbound API access, yet the skill declares no permissions. That mismatch is dangerous because it hides the real execution capabilities from reviewers and users, reducing informed consent and making over-privileged or unexpected data access more likely.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The manifest description is broad enough that the skill may be invoked for many generic spending, billing, or optimization queries, even when the user only wants advice rather than live account inspection. In this context, broad triggering increases risk because the skill is capable of accessing billing-related data, env-backed credentials, local files, and external APIs, so accidental activation could expose sensitive usage or perform unintended networked analysis.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal