ClawHub

Monkeytype Tracker and Advisor

Security checks across malware telemetry and agentic risk

Overview

This Monkeytype stats skill is coherent and purpose-aligned, but it needs a Monkeytype API key and can optionally create scheduled report jobs.

Prefer setting MONKEYTYPE_APE_KEY yourself instead of pasting the ApeKey into chat or storing it in plaintext. Only enable daily or weekly reports if you want recurring background jobs, and ask how to remove the cron entries and delete ~/.openclaw/workspace/config/monkeytype.json if you uninstall or rotate the key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill performs sensitive actions—reading environment variables, writing a config file, and making authenticated network requests—yet does not declare permissions or clearly constrain those capabilities. This creates a trust and review gap: users and enforcement systems cannot easily tell that the skill persists credentials and accesses external services.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill goes beyond on-demand stats retrieval by instructing the agent to create cron jobs for recurring reports. Local task scheduling introduces persistence and repeated execution, which increases risk if the configuration is wrong, the script changes later, or users did not fully understand they were enabling ongoing automated behavior.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill instructs the agent to retrieve API credentials from both environment variables and a local config file, expanding its credential-access behavior beyond simple stats lookup. Broad secret-reading behavior increases the chance of accidental credential exposure, misuse, or silent reuse of stored secrets without sufficiently explicit user awareness.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The trigger phrases are broad enough to match ordinary discussion about typing speed, WPM, or progress, which can cause the skill to activate unexpectedly. Unintended activation matters more here because the skill can prompt for secrets, read local config, and initiate networked actions.

Missing User Warnings

High
Confidence
98% confidence
Finding
The setup flow asks the user to send their Monkeytype API key directly to the agent in chat. Collecting secrets through conversational input is risky because chats may be logged, retained, exposed to other tools, or mishandled by downstream systems, and the instructions do not strongly discourage sharing the key in plaintext.

Session Persistence

Medium
Category
Rogue Agent
Content
- Linux/Mac: `export MONKEYTYPE_APE_KEY="YOUR_KEY_HERE"`

**Option 2: Config File**
Create this file: `~/.openclaw/workspace/config/monkeytype.json`
With this content:
{
  "apeKey": "YOUR_KEY_HERE"
Confidence
93% confidence
Finding
Create this file: `~/.openclaw/workspace/config/monkeytype.json` With this content: { "apeKey": "YOUR_KEY_HERE" } Then just say "monkeytype stats" and I'll take it from there! ``` After receiving

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal