Context Guard

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed context-management skill that saves and reloads local progress notes. It carries privacy caveats, but no hidden code, external data transfer, or destructive behavior was observed.

Install it only if you want automatic local checkpointing and recovery across sessions. Review STATUS.md, MEMORY.md, the memory/ logs, and HEARTBEAT.md periodically, and do not let secrets, private keys, unnecessary personal data, or sensitive financial details be written into those files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 86%
Finding
The skill is declared as applicable to all OpenClaw agents and triggered on heartbeat or session start, which creates broad automatic activation without clear scoping, consent, or task-type limits. That can cause the protocol to run in unrelated contexts, leading to unintended file access, persistence actions, or disruptive workflow changes.

Vague Triggers

Medium
Confidence: 91%
Finding
The recovery triggers include ordinary phrases such as '继续' ("continue") and '刚才做到哪了' ("where did I get to just now"), which are common in normal conversation and may unintentionally invoke recovery behavior. This can cause unsolicited file reads and context reconstruction when the user did not intend to activate a persistence workflow.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill directs the agent to write STATUS.md, daily logs, and long-term memory files, and to read recent channel history, but provides no user-facing notice, consent mechanism, retention limit, or data minimization policy. In practice this can persist sensitive task data, addresses, balances, URLs, and conversation content beyond the user's expectations, creating privacy and compliance risk.

Natural-Language Policy Violations

Medium
Confidence: 80%
Finding
The skill mandates fixed Chinese user-facing messages after checkpointing or compression recovery, without adapting to the user's language or accessibility needs. While not a classic security flaw, this can impair user comprehension of important operational and privacy-relevant state changes, reducing informed consent and safe oversight.

Ssd 3

Medium
Confidence: 95%
Finding
The protocol explicitly instructs the agent to preserve and later restore sensitive operational details such as addresses, amounts, TX hashes, URLs, balances, preferences, and decision history across files and recovered context. Centralizing and replaying this information increases exposure in case of unauthorized access, over-retention, accidental disclosure to future tasks, or cross-session data leakage.
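The overview's advice to keep secrets and financial details out of the checkpoint files, and the finding above about addresses, TX hashes and balances being replayed across sessions, both come down to the same practical check: audit what the skill has actually written to STATUS.md, MEMORY.md, memory/ and HEARTBEAT.md before it is restored into a new session. The script below is an added example, not code from the Context Guard skill, OpenClaw, or SkillSpector. It assumes the checkpoint files are plain text or Markdown and uses an illustrative first-pass pattern set (the file names come from the page; the regexes, the `scan_text`/`scan_workspace` helpers and the sample STATUS.md content are this example's own assumptions).

```python
"""Audit OpenClaw-style checkpoint files for secrets and sensitive financial data.

Added example; not part of the Context Guard skill or the SkillSpector scanner.
Assumptions not taken from the page: files are plain text/Markdown, and the
patterns below are a reasonable starting set for the data classes the findings
name (private keys, API tokens, blockchain addresses, TX hashes, balances).
"""
import re
from pathlib import Path

# Illustrative patterns (assumed, not from the skill); tune for your environment.
SENSITIVE_PATTERNS = {
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/-]{20,}=*"),
    "eth_address": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
    "tx_hash_hex": re.compile(r"\b0x[0-9a-fA-F]{64}\b"),
    "btc_address": re.compile(r"\b(?:bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b"),
    "balance_amount": re.compile(r"(?i)\b(?:balance|amount)\b[^\n]{0,20}?\d[\d,]*(?:\.\d+)?"),
}

# The files the skill's own description says it writes and reloads.
MEMORY_FILES = ["STATUS.md", "MEMORY.md", "HEARTBEAT.md"]
MEMORY_DIR = "memory"


def scan_text(text: str, source: str = "<text>") -> list[dict]:
    """Return one finding per match: file, 1-based line, label, redacted match."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for label, pattern in SENSITIVE_PATTERNS.items():
            for m in pattern.finditer(line):
                token = m.group(0)
                # Redact most of the match so the report itself is safe to log or share.
                redacted = token[:6] + "..." + token[-4:] if len(token) > 12 else "[redacted]"
                findings.append({"file": source, "line": lineno, "label": label, "match": redacted})
    return findings


def scan_workspace(root: Path) -> list[dict]:
    """Scan the checkpoint files the skill maintains under `root`."""
    targets = [root / name for name in MEMORY_FILES]
    if (root / MEMORY_DIR).is_dir():
        targets += sorted((root / MEMORY_DIR).glob("*.md"))
    results = []
    for path in targets:
        if path.is_file():
            text = path.read_text(encoding="utf-8", errors="replace")
            results += scan_text(text, str(path.relative_to(root)))
    return results


# Constructed sample of what an agent might checkpoint; not real data.
SAMPLE_STATUS_MD = """\
# STATUS
- Task: rebalance treasury wallet
- Wallet: 0x1111111111111111111111111111111111111111
- Last tx: 0x2222222222222222222222222222222222222222222222222222222222222222
- Balance: 12,345.67 USDC
- Notes: user prefers weekly summaries
- Deploy key: AKIAIOSFODNN7EXAMPLE
"""


def demo() -> list[dict]:
    """Run the scanner over the constructed STATUS.md sample."""
    return scan_text(SAMPLE_STATUS_MD, "STATUS.md")


if __name__ == "__main__":
    for f in demo():
        print(f"{f['file']}:{f['line']} {f['label']}: {f['match']}")
    # Against a real workspace: scan_workspace(Path("/path/to/agent/workspace"))
```

Run it before each session restore, or wire it into the periodic review the overview recommends; a non-empty result is the cue to scrub the file rather than let the recovery trigger replay the data into a fresh context. The redaction in the report matters because an audit log that quotes the full key or address would just become another copy of the secret.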

VirusTotal

64/64 vendors reported this skill as clean.
