usage-stats

Security checks across malware telemetry and agentic risk

Overview

This skill locally analyzes OpenClaw session logs to create usage reports, and its sensitive file access is disclosed and aligned with that purpose.

Install only if you are comfortable with a local tool scanning all main-agent OpenClaw session logs and saving derived usage history. Delete ~/.qclaw/workspace/memory/usage_stats_latest.md and usage_stats_history.json if you do not want the reports retained, and avoid invoking it from broad requests like a generic report unless you intend a usage scan.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 89% confidence
Finding: The script does more than generate a one-time usage report: it also writes a latest report and accumulates historical snapshots in workspace files. Because the input source is detailed session logs, this creates ongoing persistence of sensitive behavioral metadata without an explicit consent or retention boundary, increasing privacy and data minimization risk.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger phrases include very broad terms such as “统计”, “usage”, “report”, and similar common language, which can cause accidental invocation in unrelated conversations. In this skill's context, unintended activation is more dangerous because execution reads all session history and writes persistent analysis artifacts.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill description tells the user it can 'run usage stats' but does not prominently warn that it reads all session records under ~/.qclaw/agents/main/sessions/ and writes a latest report plus history snapshots. This lack of upfront disclosure weakens informed consent and increases privacy risk because session logs may contain sensitive prompts, outputs, tool traces, and errors.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script reads all session records from ~/.qclaw/agents/main/sessions, inspects message content for errors, and persists derived reports and history without any explicit user-facing notice or consent mechanism. Even if output is 'derived', the generated markdown and JSON history can reveal conversation patterns, tool usage, timestamps, models, and fragments of error text that may contain sensitive details.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal