Security audit

3-Layer Token Compressor — Cut AI API Costs 40-60%

Security checks across malware telemetry and agentic risk

Overview

This skill is a local Ollama-based prompt compressor that matches its stated purpose, with privacy caveats around sending prompts and history to the configured Ollama service.

Install only if you are comfortable with prompts and older conversation turns being sent to your configured Ollama service. Keep Ollama bound to localhost or another trusted private endpoint, avoid using the compressor with secrets or regulated data unless you have reviewed Ollama logging and host security, and call reset() between separate conversations or users.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 92%
Finding
The README repeatedly reassures users that 'no data leaves your machine' and that everything goes only to localhost, but it does not clearly warn that user prompts and conversation history are still transmitted to a separate local Ollama service and may be logged, retained, exposed by local compromise, or handled by a model with its own persistence/settings. In a tool explicitly designed to process potentially sensitive prompts before forwarding them to paid APIs, this omission can mislead users into treating the workflow as risk-free and increase the chance that secrets, regulated data, or confidential chat history are sent to a local service without informed consent.

Missing User Warnings

Medium
Confidence: 94%
Finding
The code sends user messages and conversation history to an Ollama service over plain HTTP with no user-facing disclosure, consent, or trust boundary checks. Although the default target is localhost, both host and port are configurable, so sensitive prompt content could be forwarded to a non-local endpoint or observed by other local processes without the user realizing their data is being reprocessed.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.