ClawHub

Workflow Crystallizer

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it analyzes local memory logs and stores local state to suggest workflow automations, with privacy caveats users should understand.

Install only if you are comfortable with a local tool analyzing your OpenClaw memory logs and caching derived summaries in state.json. Review generated cron definitions or skill drafts before approving them, and inspect or reset state.json when you do not want prior memory-derived patterns retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation phrases are very broad, including generic workflow-optimization language such as 'optimize my workflows' and 'what should be automated,' which could cause the skill to trigger in contexts the user did not intend. Because this skill mines memory logs and maintains persistent state, accidental activation can expose more historical data than necessary and generate unwanted writes or suggestions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation instructs users to edit state.json directly and provides a reset command that clears everything, but it does not warn about data loss, auditability, or recovery implications. In a skill that persists historical suggestions and decisions, direct manual edits and resets can destroy records, corrupt state, or allow silent tampering with accepted/rejected outcomes.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script reads personal memory files, extracts keywords, entities, summaries, and workflow patterns, then persists those derived artifacts into state without any consent prompt, data minimization, or privacy notice. In the context of a memory-analysis skill, this increases privacy risk because the derived metadata can reveal sensitive habits, projects, contacts, and routines even if the raw text is not directly exposed.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal