Multi-window mode

Security checks across malware telemetry and agentic risk

Overview

This multi-window skill is coherent, but it automatically saves and reloads local conversation transcripts with weak session scoping and limited privacy controls.

Install only if you want this skill to store and reuse conversation history on disk. Avoid using it around secrets or confidential work unless you are comfortable managing files under ~/.openclaw/workspace/memory/tasks, and be aware that the switch logic may copy the latest local session rather than a session definitively tied to the window you are leaving.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The script claims to keep window contexts isolated, but when switching it saves the globally newest session file from ~/.openclaw/agents/main/sessions without verifying that the file actually belongs to the window being left. In a multi-window or multi-session environment, this can misattribute one conversation's transcript to another task, causing unintended cross-window disclosure and breaking the stated isolation guarantee.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly states it will automatically save the current session transcript and later reload prior conversation history for a window, but it does not warn users about persistence, retention, or exposure of potentially sensitive prompts and responses. In a multi-window workflow skill, this creates a real privacy and data-handling risk because users may assume context isolation means safer separation, while full transcripts are actually being written to storage and displayed again later.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script takes conversation content from command-line input and writes it to a persistent file under ~/.openclaw/workspace/memory/tasks/output/context.md without any consent check, warning, retention control, or sensitivity filtering. In an agent context, conversation history may contain secrets, personal data, or internal prompts, so silent persistence increases the risk of unintended local disclosure and later exfiltration by other tools or users on the same system.

Missing User Warnings

Medium
Confidence: 88%
Finding
The code copies full conversation transcripts into per-window storage automatically during switching, creating persistent local copies of potentially sensitive prompts and responses. Because this happens implicitly and without any consent, warning, retention control, or access restriction, users may unknowingly leave sensitive data stored across task directories.

VirusTotal

65/65 vendors flagged this skill as clean.
