ClawHub

context-switcher

Security checks across malware telemetry and agentic risk

Overview

This skill is local and mostly purpose-aligned, but its packaged scripts appear to write state outside the advertised skill folder and its automatic triggers can silently change notification behavior.

Review before installing. The local-only design is a positive signal, but ask the author to fix the directory layout or script path logic so files stay inside ~/.openclaw/skills/context-switcher/. Also review or disable auto-triggering and DND logging if accidental notification muting or local retention of missed messages would be a problem.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The documented trigger phrases are very broad and include common conversational language such as 'I need to focus' and automatic activation from calendar titles like 'standup' or 'family dinner'. In a context-switching skill, this can cause unintended mode changes from ordinary chat or routine calendar text, which may mute notifications, alter memory surfaced to the assistant, or suppress outputs at the wrong time.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README states that the skill auto-restores state, saves snapshots, updates live context JSON, and logs messages during DND, but does not prominently warn users that normal use causes local persistence and activity logging. This creates a privacy and transparency risk because users may not realize sensitive conversation metadata or content is being written to disk and retained across sessions.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill explicitly allows autonomous activation from trigger phrases in user messages and calendar event titles, but it does not define strong confirmation, speaker-intent checks, or trusted-source constraints. This can cause unintended mode switches that alter notification delivery, memory surface, and response behavior without the user clearly intending to invoke the skill.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The Work/Focus trigger phrases include ordinary conversational language such as 'I need to focus' and 'starting deep work' that may appear in normal dialogue without intending to change global assistant behavior. Because this skill changes notification filtering and memory loading, accidental activation can disrupt workflows or suppress important information.

Vague Triggers

Medium
Confidence
95% confidence
Finding
Personal-mode triggers such as 'I'm off the clock' and 'done for the day' are common statements that can occur in casual conversation, making unintended activation likely. In this skill's context, that can mute work notifications and suppress proactive work-related surfacing at the wrong time.

Vague Triggers

High
Confidence
97% confidence
Finding
Do Not Disturb triggers include very broad phrases such as 'leave me alone' and 'going dark,' which are plausible in everyday conversation and can unintentionally enable a high-impact silent mode. Because DND mutes all notifications and changes response behavior, accidental activation can cause missed urgent communications and hidden state changes.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The calendar auto-trigger model matches generic keywords like 'review,' 'family,' 'draft,' and 'offline' without contextual validation, making unintended mode switches possible from unrelated calendar entries. Since mode changes affect notifications, summaries, memory loading, and restoration behavior, ambiguous keyword matching can create privacy and availability issues.

Ssd 3

Medium
Confidence
87% confidence
Finding
The skill states that in DND mode it will silently log all incoming messages and tasks to a local file for later review. Even without exfiltration, silent background retention of potentially sensitive communications increases privacy risk, creates an unreviewed local datastore, and may capture data the user expected to be ignored rather than stored.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal