MH session-logs

Security checks across malware telemetry and agentic risk

Overview

This is a read-only helper for searching local OpenClaw session logs, with the main risk being privacy exposure from old conversations.

Install this only if you want the agent to search local OpenClaw conversation history. Use specific dates, session IDs, or keywords where possible, and review results before sharing because old logs may contain secrets, personal details, or unrelated prior instructions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger guidance is overly broad for a skill that grants access to complete historical session logs, including older and parent conversations. Without explicit limits requiring clear user authorization and relevance checks, an agent may invoke it opportunistically and expose privacy-sensitive prior context that the user did not intend to retrieve in the current conversation.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly enables searching the agent's complete conversation history but provides no privacy warning, consent requirement, or data-minimization guidance. Because session logs may contain sensitive personal data, secrets, or content from unrelated prior chats, this can lead to cross-session data exposure and over-collection beyond the user's current request.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal