ClawHub

Token Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a local token-usage report generator whose file access is mostly expected, with privacy caveats around session logs and a small under-disclosed read of installed skill names.

Install only if you are comfortable letting it read local OpenClaw session JSONL files. Use the narrowest session file or project directory needed, treat generated reports as sensitive, and review HTML/Markdown/JSON output before sharing because it may reveal usage patterns, tool names, and local skill names.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation clearly instructs the user to read session JSONL files from project directories and write reports such as HTML output, which implies file read and file write capability. Because these capabilities are not explicitly declared in permissions metadata, the platform and user may underestimate what the skill can access or modify, weakening review and consent boundaries. In this context the behavior is expected for the skill's purpose, but the undeclared access is still a real security issue.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The script reads ~/.claude/skills to build a whitelist of installed skills even though its advertised purpose is analyzing session JSONL token usage. Accessing a global user directory expands data exposure beyond the provided session files and can disclose local environment details, installed tools, or organizational workflow metadata if the report is shared.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The description includes broad trigger concepts such as “token”, “会话分析”, and “使用报告”, which are common phrases that could match many unrelated conversations. Over-broad activation increases the chance the skill is invoked unexpectedly on sensitive session data or in contexts where file access was not intended, especially since the skill reads local session logs and may generate output files.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal