ClawHub
Back to skill

Security audit

Key Tracker

Security checks across malware telemetry and agentic risk

Overview

This skill openly saves selected work-conversation details locally, with privacy caveats but no evidence of hidden code, exfiltration, or destructive behavior.

Install only if you want work conversation and report details saved as local long-term notes. Avoid using it for secrets, regulated data, or highly confidential discussions unless you are comfortable with records being written under ~/.openclaw/workspace/.keyrecords/; periodically review and delete that directory as needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README explicitly promotes automatic capture of information from conversations and reports as an 'external brain' without any notice about privacy, consent, retention limits, or handling of sensitive content. In a skill designed to process work communications, this creates a real risk of collecting and persisting confidential, personal, or regulated data beyond user expectations.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The storage section documents a persistent local record store for captured information but provides no warning that the records may contain sensitive business discussions, commitments, stakeholder details, or other confidential context. This omission can lead users to unknowingly retain sensitive data on disk, increasing exposure through local compromise, backups, shared machines, or accidental disclosure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly advertises automatic capture of conversation/report content and persistent storage, but provides no clear privacy notice, consent flow, or warning that sensitive user statements may be written to local files. This creates a real privacy and security risk because users may disclose credentials, personal data, business decisions, or other confidential material without realizing it is being retained.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The examples normalize invisible auto-logging of user utterances into structured records without telling the user that their statements may be saved locally. Because the examples include operational plans and commitments, the stored data could expose sensitive project timelines, internal decisions, or personal information if the host is shared or compromised.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill's core behavior is to automatically capture broad categories of conversation and report content as a persistent memory system, which creates a genuine data retention and leakage risk. In the context of workplace communications, this may include secrets, internal decisions, timelines, stakeholder identities, and commitments that users did not intend to archive indefinitely.

Ssd 3

Medium
Confidence
96% confidence
Finding
The README states that all records are saved under a local workspace path and describes multiple categories of stored conversational details without defining consent boundaries or sensitivity limits. Because the skill is specifically intended to extract and preserve information from ongoing interactions, the context makes persistent storage more dangerous: it operationalizes broad surveillance-like retention of user/work content.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill is designed as a broad retention mechanism for conversational content, including decisions, assumptions, commitments, context, and stakeholder names, which can accumulate large amounts of sensitive personal and organizational data. Persistent collection of this breadth without minimization, consent, or classification controls materially increases exposure in the event of local compromise, unauthorized access, or accidental sharing.

Ssd 3

Medium
Confidence
97% confidence
Finding
The sample record format stores raw source_text from conversations along with contextual metadata and identifiable information such as stakeholder names and dated commitments. Keeping verbatim excerpts substantially increases the chance that secrets, personal data, or confidential internal discussions are retained and later exposed beyond the user's expectation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal