TokFlow

Security checks across malware telemetry and agentic risk

Overview

TokFlow is a coherent local token-usage monitoring skill, but it can expose sensitive usage, spending, provider balance, and prompt-statistics data to the agent.

Install this only if you trust the TokFlow backend running on localhost:8001 and are comfortable letting the agent query and summarize your LLM spending, provider balances, and prompt-usage statistics. Avoid balance checks or prompt-stats if you do not want account or session-derived usage information surfaced in chat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 84%
Finding
The description says to use the skill whenever users ask about token consumption, costs, optimization suggestions, balances, or prompt optimization, which creates broad natural-language activation boundaries. This increases the chance of accidental invocation for ambiguous queries, leading to unnecessary access to local usage data or real-time provider balance lookups without the user understanding that external/local APIs will be queried.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill advertises '提问方式监控与优化' (monitoring and optimization of how questions are asked) and states that data comes from local JSONL session files, but it does not prominently warn users that prompt-analysis features inspect local conversation history. Because prompts may contain sensitive personal, business, or secret material, silent analysis of local conversation data creates a privacy risk and may expose more content than the user intended to share for the current request.

Missing User Warnings

Medium
Confidence: 91%
Finding
The balance feature states that account balances are retrieved from provider APIs in real time, but the skill does not warn users that invoking this command will contact third-party services. Real-time outbound requests can disclose account usage metadata, create audit trails at providers, and surprise users who expected a purely local analysis tool.

VirusTotal

64/64 vendors flagged this skill as clean.
