Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned but should be reviewed because it sends trajectory-analysis requests to ClawTrace and tells the agent to immediately change behavior and write persistent memory without explicit user approval.

Install only if you trust ClawTrace with your trajectory history and are comfortable with an agent using its recommendations to change behavior. Before using it, prefer requiring explicit approval for each API call, redacting sensitive trace content, and reviewing any proposed MEMORY.md entry before it is written.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill explicitly instructs the agent to write Tracy-derived insights into MEMORY.md, which is a persistent local file unrelated to the minimum functionality required to query an external trajectory-analysis service. Persisting external analysis into local memory can create unintended long-term storage of sensitive or misleading data and expands the blast radius beyond the current session.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill directs the agent to send questions, trace identifiers, and implicitly trajectory-derived context to an external API without a clear disclosure about data sharing or the sensitivity of prior run contents. Because trajectory data may contain prompts, tool inputs, outputs, or user-provided secrets, this omission creates a meaningful privacy and compliance risk.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The instructions to log learnings into MEMORY.md do not warn that this alters persistent local user data. Even if the content seems operational, users should be informed before the agent writes analysis-derived summaries into durable storage.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to send questions plus trace_id/session_id context to a third-party API, but it does not clearly warn that operational history and potentially sensitive trajectory content will leave the local environment. Because trace/session identifiers can enable retrieval or correlation of prior runs, users may unknowingly disclose sensitive prompts, outputs, or metadata to an external service.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill directs the agent to immediately alter session behavior and write learnings into MEMORY.md without first obtaining explicit approval for modifying local state or files. This can create persistent side effects, contaminate future runs, and cause unexpected changes to agent behavior based on unverified external recommendations.

Ssd 3

Medium
Confidence
94% confidence
Finding
The prompt template asks Tracy to identify 'what was the input that caused' a failure, encouraging retrieval and restatement of potentially sensitive prior user inputs in plain language. This increases the chance that secrets, personal data, or confidential business content from historical runs are surfaced unnecessarily or transmitted externally.

Ssd 3

Medium
Confidence
93% confidence
Finding
Recording Tracy's findings in MEMORY.md can persist sensitive trajectory-derived details across sessions, including summaries of failures, inputs, or operational weaknesses. Persistent cross-session storage raises exposure risk compared with ephemeral session-only guidance.

External Transmission

Medium
Category
Data Exfiltration
Content
## How to Call the Endpoint

Send a POST request to `https://api.clawtrace.ai/v1/evolve/ask`.

Authentication uses your observe key, which is already set in your environment as `CLAWTRACE_OBSERVE_KEY`.
Confidence
95% confidence
Finding
https://api.clawtrace.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
with httpx.stream(
        "POST",
        "https://api.clawtrace.ai/v1/evolve/ask",
        headers={
            "Authorization": f"Bearer {observe_key}",
            "Content-Type": "application/json",
Confidence
96% confidence
Finding
https://api.clawtrace.ai/

Env Variable Harvesting

High
Category
Data Exfiltration
Content
def ask_tracy(question: str, trace_id: str = None, session_id: str = None) -> str:
    """Ask Tracy to analyze trajectories and return recommendations."""
    observe_key = os.environ.get("CLAWTRACE_OBSERVE_KEY", "")
    if not observe_key:
        return "ClawTrace observe key not configured."
Confidence
90% confidence
Finding
os.environ.get("CLAWTRACE_OBSERVE_KEY

Self-Modification

High
Category
Rogue Agent
Content
---
name: ClawTrace Self-Evolve
description: Ask Tracy to analyze your recent trajectories and improve your agent behavior based on data-driven recommendations.
version: 1.0.0
metadata: {"openclaw":{"emoji":"🔬","os":["linux","darwin","win32"],"homepage":"https://clawtrace.ai","requires":{"env":["CLAWTRACE_OBSERVE_KEY"]}}}
Confidence
88% confidence
Finding
Self-Evolve

Self-Modification

High
Category
Rogue Agent
Content
metadata: {"openclaw":{"emoji":"🔬","os":["linux","darwin","win32"],"homepage":"https://clawtrace.ai","requires":{"env":["CLAWTRACE_OBSERVE_KEY"]}}}
---

# ClawTrace Self-Evolve Skill

You have access to ClawTrace, an observability platform that captures and analyzes all your trajectories. Use this skill to understand your own performance and improve over time.
Confidence
89% confidence
Finding
Self-Evolve

VirusTotal

65/65 vendors flagged this skill as clean.