ClawHub

Connection Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a local connection logging and report skill that writes disclosed Markdown records under the OpenClaw workspace, with no evidence of hidden network access, credential use, or destructive behavior.

Install only if you want a persistent local activity log. Avoid recording secrets, private conversation text, account details, API keys, or other sensitive content in connection entries, and only configure cron or automatic triggers if you intentionally want ongoing reports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill describes automatic tracking and scheduled report generation but does not clearly warn users that their activity data will be written to local files on an ongoing basis. This creates a privacy and consent problem because users may enable the skill without understanding the scope, persistence, and timing of data collection and storage.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
This code writes to persistent workspace files automatically when addConnection is called, without any confirmation, dry-run mode, or explicit disclosure at the point of action. In an agent skill context, silent file modification can surprise users, corrupt expected state, or be abused to persist untrusted content into markdown files that other tools may later consume.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The weekly report generation unconditionally overwrites the existing weekly report file with fs.writeFileSync, which can destroy prior content or mask tampering without warning. In a workspace-integrated agent, silent overwrites are risky because users may assume reports are preserved or manually edited content is safe from replacement.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal