openclaw session viewer

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate local session viewer, but it can expose complete private session logs, tool outputs, and thinking/debug content with broad triggers and no built-in warning or redaction.

Install only if you intentionally want local files containing complete OpenClaw session contents. Treat generated HTML or JSON as sensitive: choose a private output path, review before sharing, delete exports when finished, and avoid invoking it casually for ordinary conversation summaries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 94% confidence

Finding: The trigger list includes broad natural-language phrases such as "review this conversation" and "session history," which are likely to appear in ordinary user requests and can cause the skill to activate unintentionally. Because this skill exposes full session logs, tool arguments, results, and thinking blocks, accidental invocation can surface sensitive prior-context data beyond what the user explicitly requested.

Missing User Warnings

Medium, 97% confidence

Finding: The skill documentation describes generating an interactive HTML viewer that displays full raw user messages, assistant responses, tool call arguments, tool results, token usage, and collapsible thinking blocks, but it does not warn that this may expose highly sensitive information. In this context, the absence of a warning materially increases the risk of unintended disclosure of secrets, personal data, internal prompts, or sensitive tool outputs when a user invokes the skill casually.

Missing User Warnings

Medium, 91% confidence

Finding: The script extracts full conversation history, assistant responses, tool-call arguments, tool results, and even model 'thinking' content, then writes them to a local HTML or JSON file. Those artifacts can contain secrets, credentials, personal data, command output, or internal reasoning, and saving them without redaction, restrictive permissions, or an explicit warning materially increases the chance of accidental disclosure.

VirusTotal

56/56 vendors flagged this skill as clean.