ClawHub

skill-stats

Security checks across malware telemetry and agentic risk

Overview

This is a local skill-usage stats tool with disclosed session-log scanning and local storage, but no evidence of exfiltration or destructive behavior.

Install only if you are comfortable with a local tool scanning Claude/OpenClaw session history and keeping aggregate usage records, including project paths. Review or delete the generated stats files if you do not want that local history retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill invokes shell execution and depends on environment variables (`${SKILL_DIR}`) but declares no permissions or safety boundaries. That creates an authorization and transparency gap: users may trigger filesystem scanning and local data processing without clear disclosure or consent, increasing the chance of unintended access to sensitive session history.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The collector persists and updates a stats database under the user's home directory, which is a state-changing behavior beyond a narrowly scoped read-only 'query/analyze' capability. In a stats skill this may be functionally intended, but it still expands the trust boundary because invoking the skill causes filesystem writes and retention of usage metadata over time.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The invocation scope is overly broad ('any questions related to skill usage details'), which can cause the skill to activate in situations where users did not intend local session-history analysis. Because this skill reads potentially sensitive usage logs across environments, broad triggering increases privacy risk and the chance of excessive data access.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documentation does not prominently warn users that it scans local session history under `~/.claude/projects/` and `~/.openclaw/agents/main/sessions/`, then writes derived data to persistent files. Session histories may contain sensitive prompts, project names, paths, or operational metadata, so undisclosed reading and persistence create a meaningful privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The collector creates and writes a persistent analytics file under the user's home directory without any visible consent, notice, or retention controls. Because the stored data aggregates session-derived project paths and skill usage over time, it can expose sensitive workflow metadata to other local processes or users if the file is unexpectedly present or insufficiently protected.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code reads session JSONL files from the user's OpenClaw directory and captures cwd/project paths from those records without any visible user-facing disclosure. Even if collection remains local, scanning historical sessions can reveal repository names, filesystem layout, and usage patterns that may be sensitive and exceed what users expect from a stats feature.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The code reads user settings and recursively scans project log files containing session IDs, working directories, timestamps, and tool activity without any visible consent or disclosure mechanism. Even though data stays local in this file, silent collection of detailed behavioral metadata creates a privacy risk and could expose sensitive project structure or usage patterns if the resulting stats file is later accessed by other components.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The collector writes a persistent JSON database of skill usage into the user's home directory without any visible notice, which creates ongoing retention of behavioral telemetry. Persistent local storage increases privacy exposure, especially if file permissions, retention limits, or user controls are not defined.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal