ClawHub

Weekly Retro

Security checks across malware telemetry and agentic risk

Overview

This local weekly-retrospective tool does what it says, but users should understand it reads personal/work memory files and may retain summaries on disk.

Install only if you are comfortable with a local tool reading your OpenClaw memory logs and workspace context files, then writing retrospective reports and optional history summaries. Review the configured memory, output, history, SOUL.md, and AGENTS.md paths before using it, especially if those files may contain secrets or sensitive work details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The analyzer reads SOUL.md and AGENTS.md from workspace paths to influence output, even though those files are not necessary inputs to a weekly retrospective of gathered logs. This expands the skill's data access to unrelated potentially sensitive identity or operational documents, creating unnecessary privacy exposure and a covert data dependency that users may not expect.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The invocation phrases include broad, natural language terms like 'weekly review,' 'how was this week,' and 'what should change,' which can easily match ordinary conversation unrelated to consent for reading private memory logs and generating files. Overbroad triggering increases the chance of accidental activation of a skill that processes sensitive historical data and writes artifacts to disk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill description and quick-start pipeline do not clearly warn that the skill reads memory log files and writes a retrospective markdown file to persistent storage. Because memory logs may contain sensitive personal or work information, omission of an explicit warning undermines informed consent and makes accidental privacy-impacting use more likely.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The script defaults to reading files from ~/.openclaw/workspace/SOUL.md and ~/.openclaw/workspace/AGENTS.md without explicit user disclosure at runtime. Even though it only scans for keywords, accessing home-directory workspace files by default can expose sensitive personal or operational information and violates least-privilege expectations for a retrospective tool.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal