Token Counter

Security checks across malware telemetry and agentic risk

Overview

This local token reporter appears non-malicious, but it reads private OpenClaw session transcripts and can save detailed derived reports with weak privacy scoping.

Install only if you are comfortable with the skill reading local OpenClaw transcripts and session metadata. Use explicit data/output paths, keep generated JSON reports private, and review or delete saved reports because they may reveal session names, clients, tools used, timestamps, and local file paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 87%
Finding:
The --save path stores full per-session report data to daily JSON snapshots, and those session records include metadata derived from transcripts such as labels, inferred keys, client/category attribution, timestamps, tool usage, and source paths. This creates a durable local history of analyzed session activity beyond ephemeral reporting, increasing privacy exposure and the blast radius if the workspace or snapshot directory is later accessed by another user, tool, or process.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding:
The client attribution logic scans transcript-derived text for personal emails, domains, project names, and other identity markers that are not necessary for basic token counting. This expands processing from usage analytics into content inspection and profiling, which is more privacy-invasive and can unintentionally classify or expose sensitive business/personal context contained in transcripts.

Missing User Warnings

Severity: Low
Confidence: 85%
Finding:
The skill explicitly supports writing JSON output and saving daily snapshots to local workspace paths, but the documentation does not warn that running these commands modifies local data. While the writes appear limited to reporting artifacts rather than arbitrary files, silent persistence can still surprise users, overwrite existing files, or leave sensitive usage data behind in the workspace.

VirusTotal

65/65 vendors flagged this skill as clean.