ClawHub

Workflow Crystallizer

Security checks across malware telemetry and agentic risk

Overview

This skill locally analyzes OpenClaw memory logs and keeps a local cache of derived workflow suggestions, which is privacy-sensitive but coherent with its stated purpose.

Install only if you are comfortable with a local script reading your OpenClaw memory logs and storing derived summaries in state.json. Review generated cron definitions and skill drafts before applying them, and reset or delete state.json if you do not want retained analysis history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill explicitly instructs the agent to read persisted memory logs and maintain a writable state file, which implies file read/write capability, yet no permissions are declared. That mismatch weakens user consent and platform enforcement because the skill can access sensitive historical data and modify retained state without transparent capability disclosure.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The invocation text includes broad phrases like workflow optimization, recurring tasks, and habit detection, which are common in ordinary conversation and could trigger the skill unexpectedly. Because this skill mines stored memory and persists analysis state, accidental invocation exposes more data and causes side effects than a simple read-only helper would.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill description states that it mines memory logs and persists suggestion history across runs, but it does not present this as a clear warning or consent boundary to the user. In context, that is significant because memory files may contain sensitive behavioral history, and state retention creates ongoing profiling beyond a single session.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script reads full memory log contents, extracts summaries, entities, keywords, and workflow patterns from potentially sensitive personal data. In this skill context, the analyzed source is explicitly a long-term memory store, so processing and deriving structured data from it without clear disclosure or consent creates a real privacy risk rather than a purely cosmetic documentation issue.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The analyzer persists extracted event data into state, creating a secondary cache of sensitive memory-derived information that may outlive the original files or broaden access to their contents. Because this skill's purpose is to mine personal memory logs over time, silent persistence increases the privacy and data-retention risk significantly.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal