ClawHub

Context Window Optimizer

Security checks across malware telemetry and agentic risk

Overview

This looks like a real context-summarizing skill, but it reads local conversation transcripts and can persist extracted facts or preferences with weak user control.

Install only if you are comfortable with a skill reading local OpenClaw session history and saving selected conversation details into memory or archive files. Before running its scripts, confirm which transcript will be used, avoid sessions containing secrets or sensitive data, and review any generated memory entries before keeping them long term.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill instructs the agent to write summaries, decisions, and facts into files like MEMORY.md and memory/YYYY-MM-DD.md, which is a file-write capability not declared in metadata. Undeclared write access is risky because it can silently persist conversation-derived data, including sensitive or incorrect information, outside the active session.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The script accepts a session_path/session selector but ignores it and always reads the most recent transcript from a fixed local session directory. This can cause the wrong conversation to be summarized and written out, potentially exposing sensitive content from an unrelated session and violating user expectations about data selection.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The documented interface states that --session selects a session, but the implementation never uses that value. This mismatch is security-relevant because users may believe they are operating on a safe or intended transcript while the tool actually processes a different one, increasing the risk of accidental disclosure or incorrect persistence of sensitive data.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The top-level trigger description uses broad conditions like 'context feels heavy' and 'before long or complex tasks,' which can cause the skill to activate without a clear user request. Unintended invocation matters here because the skill can summarize and persist conversation content, potentially altering memory/state when the user did not explicitly ask for it.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The optimization trigger list repeats ambiguous conditions such as 'context feels heavy,' 'starting a complex multi-step task,' and broad post-completion moments. In this skill's context, those vague triggers are more dangerous because activation leads to summarization and writing to memory files, which can cause unwanted persistence, omission of nuance, or premature compaction.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script automatically reads the latest session transcript from a per-user history directory and processes prior conversation content without any explicit notice, confirmation, or scope restriction. Because session transcripts may contain sensitive prompts, secrets, preferences, or prior tool activity, silently mining them for 'decisions' and 'preferences' creates a real privacy and data-handling risk, especially in a context-window optimization skill whose purpose is to condense and retain prior context.

Missing User Warnings

Low
Confidence
88% confidence
Finding
When --output is provided, the script writes extracted decisions, actions, and preferences to disk without a clear warning that potentially sensitive conversational summaries will be persisted. This can create unintended durable storage of user data, which is particularly risky because the extracted content is explicitly designed to preserve salient facts and preferences from prior sessions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script reads conversation transcripts from a user directory and can save a condensed summary to an arbitrary output path without warning, redaction, or sensitivity checks. In the context of a context-window optimization skill, transcripts are especially likely to contain private prompts, credentials, decisions, or operational details, so summarizing and persisting them can amplify leakage risk.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal