ClawHub
Back to skill

Security audit

Clawdbot Logs Litiao

Security checks across malware telemetry and agentic risk

Overview

This read-only diagnostics skill is mostly aligned with troubleshooting Clawdbot, but it can expose private conversation contents from local session logs without clear privacy guardrails.

Install only if you are comfortable with the agent reading local Clawdbot logs and session files. Treat outputs as sensitive, especially session JSONL data, user message text, costs, model details, and operational logs. Avoid running the recent-message extraction command unless message content is specifically needed, and do not share raw diagnostic output without reviewing and redacting it first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly documents that session files contain full conversation data, token usage, and costs, but provides no warning or guardrails about handling sensitive user content. In a diagnostics skill, this creates a real privacy risk because operators may inspect or share conversation logs more broadly than necessary during routine troubleshooting.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
These commands are designed to surface recent user message contents directly from session logs, yet the skill does not warn that this exposes private user-provided text. Even if intended for troubleshooting, showing raw message content increases the chance of unnecessary disclosure of secrets, personal data, or confidential prompts.

Ssd 3

Medium
Confidence
97% confidence
Finding
The session parsing pipeline intentionally extracts and displays recent user message text from full conversation logs, which is a direct privacy exposure mechanism rather than incidental metadata access. In the context of a log-analysis skill, this is more dangerous because it normalizes reading raw conversation contents during diagnostics, expanding exposure beyond what is typically required to debug performance or errors.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal