ClawHub

Causal Graph Builder

Security checks across malware telemetry and agentic risk

Overview

This skill locally reads OpenClaw memory files to build a causal graph, which matches its stated purpose but can surface sensitive workspace history.

Before running it, review what is in your OpenClaw memory files, because the generated graph can preserve names, projects, incidents, and relationships in a new JSON file. Avoid adding private logs or using any future LLM extraction path unless you have approved the provider and redacted sensitive content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The script enumerates and reads workspace memory files, derives structured information from their contents, and writes a new aggregate artifact back into the workspace without any manifest, consent, or scope checks shown here. Even if intended for local graph building, this processes potentially sensitive memory data beyond a narrowly disclosed interface, increasing privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill is explicitly designed to process logs, memory files, and open issue documents to extract entities, events, and relationships, but it does not mention any safeguards for sensitive data, minimization, consent, redaction, or access control. In this context, those inputs are likely to contain personal information, secrets, internal project details, or behavioral history, so automated extraction and graphing can amplify privacy exposure and make sensitive information easier to query and correlate.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script writes a derived causal graph file into the workspace automatically, without any user-facing warning, confirmation, or indication of what sensitive content may be captured in the output. Persisting transformed memory data can widen exposure because the new file may be consumed, synced, or inspected by other tools and users.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code reads MEMORY.md, memory/INDEX.md, and recent dated files from the workspace and processes their full contents to extract entities, events, and relations. Because memory files can contain sensitive operational or personal data, undisclosed bulk processing creates a real privacy and data-minimization issue even without exfiltration.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal