ClawHub

CostClaw — Token Cost Analyzer for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

CostClaw is a local cost-audit helper that reads OpenClaw workspace/config metadata to estimate token costs, with no evidence of data exfiltration, persistence, or destructive behavior.

Install only if you are comfortable with a local bash script reading workspace Markdown metadata, OpenClaw model configuration, and installed-skill counts. Use an explicit workspace path for sensitive projects, review the output before applying any suggested trimming or config changes, and avoid invoking it on directories where even filenames, file sizes, or model configuration should stay private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly says the tool reads the user's actual config and workspace, but it does not warn that these locations may contain secrets, credentials, private prompts, or sensitive operational metadata. Even if the tool only performs local analysis, encouraging broad workspace scanning without clear scope limits, exclusions, or privacy guidance can lead users to expose sensitive information unnecessarily or run the tool in high-sensitivity directories.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases are broad enough to match common budgeting or efficiency questions, which can cause the skill to activate when the user did not explicitly request a local workspace/config analysis. Because the recommended action is to run a shell script over the current directory or a supplied path, unintended activation increases the chance of unnecessary file inspection and execution of local code in response to ordinary conversation.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The manifest description uses broad invocation language like 'Use when users mention high API costs, token consumption, budget' that can cause automatic routing from routine discussion into a skill that reads actual config and workspace. In this skill's context, that matters because activation is coupled to executing a local analyzer script, so an imprecise description can lead to unintended code execution and workspace access.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script inspects configuration files in the user's home directory and falls back to environment-derived model settings without clearly disclosing that behavior. While this is consistent with the skill's stated purpose of analyzing actual OpenClaw configuration, it still reaches outside the provided workspace and may reveal user-specific configuration details unexpectedly in output or logs.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal