ClawHub

Prompt Slimmer

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-cleanup instruction skill that can change workspace Markdown files, but the behavior is disclosed, purpose-aligned, and gated by user approval.

Install only if you want an agent to help reduce prompt-token overhead in OpenClaw workspace files. Before allowing edits, ask for a plan and diff, keep a backup, and verify that safety rules, credentials-handling rules, and core identity remain in active workspace files rather than only in an archive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrase "optimize workspace" is generic enough to match routine maintenance requests unrelated to prompt slimming. That can cause unintended activation of a skill that audits and potentially rewrites root workspace markdown files, increasing the chance of unnecessary or confusing file modifications.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation guidance is broad and mostly framed around desirable outcomes rather than strict prerequisites, so the skill may activate in contexts where the user did not intend edits to system-prompt files. Because the skill includes an execution phase that moves and rewrites persistent workspace content, overbroad activation increases risk of accidental data alteration.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs the agent to move archived sections and replace content in workspace files, but it does not require backups, diffs, or a clear pre-write review step. In a system that treats these files as persistent operating context, mistaken edits can remove safety-relevant instructions, damage memory integrity, or make important context harder to recover.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal