ClawHub

Session Resume

Security checks across malware telemetry and agentic risk

Overview

This skill transparently saves and restores local task progress, with normal privacy precautions for the checkpoint file.

Install this only if you want local checkpointing across interrupted sessions. Avoid letting API keys, passwords, private keys, customer data, or sensitive deployment details be written into ~/.openclaw/workspace-main/.task-state.json, and review or delete that file after sensitive work, especially on shared machines.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly states that the skill persists the user's original request and task context in a JSON file, but it provides no warning, minimization guidance, or protection advice for sensitive data. Because agent tasks often include credentials, internal URLs, deployment details, or personal data, storing this material on disk can create an unintended local data exposure risk if the file is readable by other processes, backed up, or left behind after failures.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill is configured to auto-detect on every new session start, which creates an overly broad trigger surface for a state-restoration action that reads persisted task context from disk. Even if the behavior is meant to improve reliability, automatic activation without a narrow user-driven trigger or explicit consent can cause unintended disclosure of prior task details and unexpected continuation prompts in unrelated sessions.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The usage section defines automatic detection for broad situations like every new session and the first dialogue after a gateway restart, but does not establish precise boundaries for when restoration should occur. This ambiguity increases the risk that the agent will surface sensitive prior-task context to the wrong conversational context or when the user did not intend to resume anything.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly promotes persistent storage of task progress to disk but does not warn users that the file may contain sensitive task descriptions, file paths, intermediate results, or operational context. In a session-recovery feature, this omission is material because the whole purpose is to preserve context across interruptions, making accidental retention and later disclosure more likely.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documented JSON schema includes a free-form context object and step results, which can easily capture secrets, internal paths, tokens, credentials, or sensitive business data, yet the skill provides no privacy, redaction, or data-handling guidance. Because the feature serializes arbitrary task context for later reuse, the absence of storage constraints or warnings materially raises the risk of sensitive data exposure from local files or later automatic reporting.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal