ClawHub

Context Switch Token Optimizer

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a local context-management tool, but it stores conversation snippets and can change or appear to reset saved context without clear user confirmation.

Review before installing if you plan to use it with confidential conversations. Clear the bundled state file before first use, avoid passing secrets as conversation content, and disable automatic optimization with TOKEN_OPTIMIZER_ENABLED=false if you want context changes to be manual. Use the context_manager.py reset path or manually inspect memory/context_switch_state.json when you need to actually clear saved context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The tool prints the first 50 characters of user-supplied conversation content directly to stdout. In a context-management skill, conversations may contain API keys, personal data, credentials, or proprietary project details, so even partial logging can leak sensitive information into terminal history, logs, or orchestration telemetry without user consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The compression path mutates in-memory and persisted conversation state by truncating topic history and halving stored core content, then immediately calls save_context_state() without any user confirmation, rollback, or explicit notice. In a context-management skill, this can silently discard user-relevant information and alter future assistant behavior, creating integrity and availability issues for conversation state.

Missing User Warnings

High
Confidence
96% confidence
Finding
The reset path can fully replace the active context state when token usage exceeds thresholds, clearing current topic/history/memory without a user-facing warning or confirmation. Because this component is specifically responsible for preserving and switching conversational context, an automatic reset is more dangerous here: it can unexpectedly erase ongoing work context and cause loss of continuity or user data relied on by downstream interactions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal