Agent Audit

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local, mostly read-only OpenClaw cost-audit helper, but its documentation overstates how much usage history it actually analyzes.

Before installing, treat this as a lightweight config report rather than a complete ROI audit. Review the generated report for sensitive agent names or model details before sharing it, and use --output only with a safe path you intend to create or overwrite.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill explicitly documents an --output option that saves a generated report to an arbitrary path, which is a file-write capability despite the skill declaring itself as read-only and lacking declared permissions. Undeclared write access increases risk because a caller or downstream script could write reports into sensitive locations, overwrite files, or bypass permission expectations in the agent framework.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill description promises auditing cron jobs, session history, and model usage, but the implementation only loads a local OpenClaw config and emits generic guidance. This mismatch can mislead users into believing a full cost and ROI audit was performed, causing them to make operational or security decisions based on incomplete analysis.

Intent-Code Divergence

Low
Confidence
87% confidence
Finding
The comments and surrounding report structure imply cron/API-backed analysis exists or is expected, but the code only inserts a placeholder recommendation block. While this is not code execution risk, it reinforces deceptive functionality and increases the chance that users overtrust the audit results.

VirusTotal

64/64 vendors flagged this skill as clean.
