usage-costs

Security checks across malware telemetry and agentic risk

Overview

The skill matches its cost-reporting purpose, but it should be reviewed because it asks the agent to shell-source an unreviewed hidden local file and can update local usage history.

Install only if you trust the local OpenClaw environment and the .context file. Review that file before use, avoid shell-sourcing it if possible, and require explicit confirmation before saving daily token-history entries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium, 94% confidence
Finding
The skill is described as a reporting tool, but it also instructs the agent to append data to a local history file. That creates an unexpected state-changing side effect from a read-oriented capability, which can silently alter local records, introduce duplicate or inaccurate entries, and expand the blast radius if the skill is auto-invoked.

Missing User Warnings

Medium, 96% confidence
Finding
The skill instructs writing to token-history.jsonl without warning the user that local data will be modified. Hidden writes are dangerous because a user asking for a report would reasonably expect read-only behavior, and repeated or unintended invocations could corrupt accounting data or create misleading audit/history records.

VirusTotal

67/67 vendors flagged this skill as clean.
