Back to skill

Security audit

proxy-token-optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cost-optimization toolkit whose database reporting should be used only by authorized OpenClaw operators.

Install this only in the intended openclaw-manager environment. Treat generated usage and quota reports as sensitive operational data, run DB-backed commands only when authorized, and review AGENTS.md.optimized before adopting it as live agent instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger text is extremely broad (`always: true`, plus phrases like 'anything related to saving money on LLM API calls'), which can cause the skill to activate in contexts beyond its intended scope. Unintended invocation increases the chance of unnecessary access to local files, generated config changes, or database-backed analytics workflows when the user did not request them.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly states it queries real PostgreSQL `usage_records` and instance data, but it does not provide a clear privacy or data-access warning. This is dangerous because operators may invoke reporting or quota analysis without realizing the skill accesses potentially sensitive multi-tenant usage information, increasing the risk of unintended disclosure or overcollection.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.