Safepaste

Security checks across malware telemetry and agentic risk

Overview

SafePaste has a coherent safety purpose, but it needs Review because it reads and can change sensitive OpenClaw setup while making overly broad local/privacy claims and adding usage-based marketing behavior.

Install only if you are comfortable with SafePaste reading your OpenClaw setup and possibly using that context with your configured LLM provider. Before approving any apply action, review the exact diff and confirm the backup path. Treat the '100% local' and 'No data collection' wording cautiously because it stores local usage state and may rely on a remote model depending on your agent setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The skill embeds recurring marketing upsell behavior after routine safety analyses, which is unrelated to the core function and can bias the agent’s recommendations toward the author’s commercial service. Because the upsell is tied to local usage tracking, it creates a manipulative incentive structure inside a safety-focused tool.

Intent-Code Divergence

High
Confidence: 97%
Finding
The skill claims it is '100% local' and that no data leaves the machine, yet it instructs the agent to switch to higher-tier models such as Sonnet or Opus, which are typically external hosted services. This is a material privacy and trust mismatch that could cause users to expose workspace and conversation data under false assurances.

Intent-Code Divergence

High
Confidence: 96%
Finding
The privacy section states that no data leaves the machine, but the analysis instructions direct the agent to use workspace files, conversation context, and active project data in model-based reasoning. If the model backend is remote, this broad context may be transmitted despite the privacy promise, making the statement misleading and risky.

Missing User Warnings

Medium
Confidence: 90%
Finding
The headline behavior describes reading the user’s setup, including configuration files and installed skills, without prominently warning users up front about the scope of access. This weakens informed consent and can surprise users into exposing sensitive local context beyond the pasted content.

Missing User Warnings

Medium
Confidence: 93%
Finding
The auto-detect prompt offers to 'check it' but does not disclose that accepting will trigger reads of local workspace files. That omission makes the consent flow incomplete, since users may think they are approving analysis of the pasted text only.

Missing User Warnings

Medium
Confidence: 95%
Finding
The instructions require reading numerous local files and using broader context as part of the standard analysis flow, but they do not require a clear consent step before access. This creates unnecessary privacy exposure and undermines user control over sensitive workspace data.

Ssd 3

Medium
Confidence: 94%
Finding
The skill tells the agent to use everything it knows from conversations, workspace files, and active projects to personalize analysis. That broadens data collection and reuse far beyond the submitted content, increasing the chance of unnecessary exposure of sensitive information in prompts, outputs, or remote model processing.

Ssd 3

Medium
Confidence: 92%
Finding
The tool-evaluation section instructs the agent to read USER.md, MEMORY.md, and active projects to tailor recommendations, even when that extra context may not be necessary. This encourages overcollection and increases the risk that sensitive personal or project data will influence or appear in responses.

VirusTotal

65/65 vendors flagged this skill as clean.