Security audit

Skills

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it lets an external trajectory-analysis service influence agent behavior and persistent memory without clear user approval gates.

Install only if you trust ClawTrace with your agent trajectory history. Before use, require the agent to show Tracy's recommendations first and get explicit permission before sending trace/session data, changing behavior, trimming context, or writing anything to MEMORY.md.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill explicitly instructs the agent to write externally derived recommendations into a persistent local MEMORY.md file. That expands the skill from analysis into persistent state modification, which can create prompt-injection persistence, store untrusted or sensitive content locally, and influence future agent behavior beyond the current session.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs the agent to send questions plus trace/session identifiers to an external service that analyzes trajectory history, but it does not clearly warn the user that operational data may leave the local environment. Trajectories often contain prompts, tool inputs/outputs, and potentially sensitive metadata, so silent transmission creates privacy and data-governance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to send questions, trace IDs, and possibly session-linked trajectory data to an external service without a prominent user-facing consent or privacy warning. Because trajectory data can contain sensitive prompts, tool inputs/outputs, and operational metadata, this creates a real data exfiltration/privacy risk even if the service is legitimate.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The skill directs the agent to write learnings into MEMORY.md but does not clearly warn that a local file will be modified. Silent file modification can violate user expectations, persist sensitive operational details, and create integrity issues if the file is used by later sessions as trusted context.

External Transmission

Medium
Category
Data Exfiltration
Content
## How to Call the Endpoint

Send a POST request to `https://api.clawtrace.ai/v1/evolve/ask`.

Authentication uses your observe key, which is already set in your environment as `CLAWTRACE_OBSERVE_KEY`.
Confidence
96% confidence
Finding
https://api.clawtrace.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
with httpx.stream(
        "POST",
        "https://api.clawtrace.ai/v1/evolve/ask",
        headers={
            "Authorization": f"Bearer {observe_key}",
            "Content-Type": "application/json",
Confidence
97% confidence
Finding
https://api.clawtrace.ai/

Env Variable Harvesting

High
Category
Data Exfiltration
Content
def ask_tracy(question: str, trace_id: str = None, session_id: str = None) -> str:
    """Ask Tracy to analyze trajectories and return recommendations."""
    observe_key = os.environ.get("CLAWTRACE_OBSERVE_KEY", "")
    if not observe_key:
        return "ClawTrace observe key not configured."
Confidence
93% confidence
Finding
os.environ.get("CLAWTRACE_OBSERVE_KEY

Self-Modification

High
Category
Rogue Agent
Content
metadata: {"openclaw":{"emoji":"🔬","os":["linux","darwin","win32"],"homepage":"https://clawtrace.ai","requires":{"env":["CLAWTRACE_OBSERVE_KEY"]}}}
---

# ClawTrace Self-Evolve Skill

You have access to ClawTrace, an observability platform that captures and analyzes all your trajectories. Use this skill to understand your own performance and improve over time.
Confidence
72% confidence
Finding
Self-Evolve

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.