Security audit

Project Context Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed file-based project context manager, but users should understand that it creates and reuses local project records.

Install only if you want local project folders, recovery notes, checkpoints, and a registry to persist between sessions. Use explicit project names and paths, review the generated files, avoid storing secrets in project notes, and confirm before letting it scan or update registered project directories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill explicitly instructs the agent to read and write workspace and project files, and to invoke a Python initialization script, yet its metadata declares only a binary requirement and no corresponding permissions. This creates a capability/permission mismatch that can cause users or enforcement layers to underestimate the skill's access to local data, especially because it manages arbitrary project paths and a global registry under ~/.openclaw/workspace.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: Project-recovery trigger phrases such as '恢复项目' (restore project), '进入项目' (enter project), and '回到项目' (return to project) are overly broad and easily overlap with ordinary conversation or general requests for assistance, causing the skill to enter its project discovery/recovery flow without explicit user authorization. This can lead to erroneous reads of the registry, scanning of registered paths, and exposure of contextual information such as local project names or paths; it is a boundary-control problem that natural language can trigger by mistake.

Vague Triggers

Severity: Low
Confidence: 83%
Finding: The condition '识别这是长期项目,而不是一次性任务' (recognize that this is a long-term project rather than a one-off task) gives no clear decision criteria, which means the assistant may, on the basis of vague semantics, place ordinary tasks under long-term project management on its own. This can cause unintended directory initialization, project registration, or state persistence, resulting in context pollution and erroneous project-management behavior.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: Commands such as '恢复项目 / 进入项目 / 回到项目' (restore project / enter project / return to project) are high-frequency phrases in everyday Chinese, and the documentation requires no additional confirmation, namespace, or structured parameters, so they are easily misjudged as skill triggers in ordinary conversation. For a skill that performs project switching, scans the registry, and reads recovery files, a false trigger can lead to context switching, unintended file access, or an incorrect recovery flow, affecting session integrity and the boundary around user data.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding: Expressions such as '帮我建立一个新项目' (help me set up a new project) and '把这个目录纳入项目管理' (put this directory under project management) are overly broad and may overlap with ordinary task planning, directory tidying, or general requests for advice. The skill's context includes persistent operations such as initializing directory structures and writing to the registry, so a false trigger does not merely produce an off-topic reply; it may also cause file writes and state pollution.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding: Commands such as '退出项目' (exit project), '固化当前项目' (freeze the current project), and '保存当前阶段进展' (save the current phase's progress) are semantically vague and may appear in ordinary discussion as well as naturally in summary, review, or advice scenarios. Because these actions change the current context state and may update recovery files, save checkpoints, or exit project mode, a false trigger can cause state drift, incorrect snapshots, or overwriting of the user's intended workflow.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding: The documented trigger phrases for project recovery are broad conversational commands such as '恢复项目 / 进入项目 / 回到项目'. In an agent skill that can alter context or navigate project state, overly generic triggers can be activated by ordinary dialogue or quoted text, causing unintended project switching, file reads, or recovery workflows without clear user intent.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding: The trigger phrases include very common conversational expressions such as '进入项目', '恢复项目', and '回到项目'. In an agent skill, broad triggers can cause the assistant to enter project-management behavior during ordinary conversation, leading to unintended directory scanning, context switching, or loading project files the user did not explicitly mean to access.

VirusTotal

64/64 vendors flagged this skill as clean.