openclaw-tally

Security checks across malware telemetry and agentic risk

Overview

This is a local task-cost analytics skill with disclosed message processing and local SQLite storage, with a privacy wording mismatch users should understand.

Install only if you are comfortable with a local analytics hook reading every OpenClaw message to classify task activity. Treat ~/.openclaw/tally/tally.db as private because it can reveal sessions, models, costs, task history, and potentially high-level task summaries if future code or integrations populate those fields.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 98% confidence
Finding: The PRD claims a privacy guardrail of 'No task content stored — only metadata,' but the schema includes `intent_summary` and `outcome_summary`, which are semantic derivatives of user content. These fields can still capture sensitive user requests, business context, or personal information, creating a privacy and compliance mismatch that could lead to over-collection and unsafe downstream exposure via APIs, dashboards, or logs.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal