Security audit

Context Optimizer (上下文优化器)

Security checks across malware telemetry and agentic risk

Overview

This is a local context-analysis and optimization skill whose file reads, report writes, skill installation helper, and automation examples are broadly aligned with its stated purpose, though users should treat it as capable of changing important workspace guidance files.

Install only if you are comfortable with a local tool reading OpenClaw workspace context files and creating reports, config files, copied scripts, or new skills. Use version control or backups before optimization, review diffs afterward, and avoid enabling cron or CI automation until tested on a non-critical workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding:
The skill advertises broad workspace analysis and optimization, which inherently implies reading and modifying files, and the static finding indicates additional shell capability without any declared permissions boundary. Undeclared file and shell capabilities are dangerous because they hide the true execution surface from users and reviewers, making it easier for the skill to modify the workspace, install artifacts, or invoke external commands without informed consent.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding:
This is a true security issue because the declared purpose focuses on context optimization, but the observed behavior includes installation into ~/.openclaw, copying scripts into the workspace, creating config files, invoking subprocesses, checking versions, guiding cron setup, and saving reports. That mismatch prevents informed consent and increases the risk of persistence, unexpected file changes, and command execution beyond what a user would reasonably expect from the description.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The documentation promotes automated optimization, scheduled execution, CI workflows, and automatic commits that modify workspace or repository files. In a tool designed to rewrite context files, this increases the risk of unintended destructive changes, silent corruption of important instructions, or propagation of bad edits at scale, especially when run unattended.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding:
Broad natural-language invocations like '分析并优化当前上下文' ("analyze and optimize the current context") can easily be triggered by ordinary conversation, causing the skill to activate in situations where the user did not intend a file-modifying workflow. In the context of a skill that may write files, create new skills, or run supporting tooling, ambiguous triggering materially increases the chance of accidental execution and unintended workspace changes.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill introduction emphasizes optimization benefits but does not clearly warn that it may modify workspace files and create new skills. For a tool operating on core context files like AGENTS.md, MEMORY.md, and related configuration, omission of a prominent modification warning makes accidental destructive or confusing changes more likely.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding:
The script writes files directly into the user's workspace without prompting, previewing changes, or allowing an alternate output location. In a shared or automation-sensitive workspace, this can unexpectedly modify state, overwrite prior outputs, or create files that downstream tools may trust or process, making it a genuine but low-severity integrity issue.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.