ClawHub

TokenRanger

Security checks across malware telemetry and agentic risk

Overview

TokenRanger is a disclosed setup guide for a local context-compression plugin, with privacy and persistence considerations but no evidence of hidden or malicious behavior.

Install only if you are comfortable with a local background service processing conversation history for compression. Review the linked plugin/package, pin versions where practical, avoid sensitive or regulated chats unless you trust the local environment, and verify the service is removed if you uninstall.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explains that conversation history is compressed locally and then forwarded to a cloud LLM, but it does not present this as a prominent privacy warning to the user before installation or use. This can mislead users about where sensitive session content is processed and transmitted, especially because full conversation history is explicitly sent to a local sidecar for transformation before cloud forwarding.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The setup instructions state that setup registers the sidecar as a system service, but they do not frame this as a persistence-affecting action requiring explicit user awareness. Persistent background services materially change host state and expand attack surface, so omitting a clear caution can cause users to install host persistence unintentionally.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The uninstall section includes stop/disable and rm commands against service files without an explicit caution that these commands modify host configuration and delete files. While scoped to specific TokenRanger paths, destructive shell commands in agent-facing instructions can still lead to accidental misuse or copy-paste errors.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal