Token Optimizer

Security checks across malware telemetry and agentic risk

Overview

This is a local token-usage tool with disclosed session reading, file outputs, and an explicit cleanup mode that can restart the OpenClaw gateway.

Install only if you are comfortable with a local tool reading OpenClaw session metadata and transcript snippets, writing reports or compressed summaries, and restarting the gateway when you explicitly run `--cleanup --apply`. Prefer `--cleanup` first, avoid sharing generated compression files without reviewing them, and verify the missing `token-optimize` wrapper before relying on the packaged command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
                "plan": plan,
            }

        subprocess.run(["openclaw", "gateway", "restart"], check=False)
        return {
            "applied": True,
            "message": "Gateway restart requested due to stuck sessions near context limit.",
Confidence
97% confidence
Finding
subprocess.run(["openclaw", "gateway", "restart"], check=False)

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill's manifest describes analysis and optimization, but `apply_cleanup` escalates into modifying system state by restarting the gateway. In agent environments, that mismatch is especially risky because users may invoke the skill expecting reporting only, while the code can interrupt service and affect unrelated sessions.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The usage example includes `token-optimize --cleanup --apply`, described as applying cleanup and potentially restarting a gateway when stuck sessions are detected, but provides no warning, confirmation guidance, or explanation of side effects. In operational tooling, examples are often copied verbatim, so presenting a state-changing cleanup command without caution can lead to unintended disruption, session termination, or service interruption.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
`compress_session` writes derived session content, including the original task and recent conversation text, to a markdown file in the workspace without consent, redaction, or access controls. Because transcripts may contain secrets, credentials, or proprietary data, persisting them creates a confidentiality risk and expands the exposure window beyond the original session store.

VirusTotal

58/58 vendors flagged this skill as clean.