Ai Cost Optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a simple AI API cost calculator and recommender, with a vague manifest description but no evidence of hidden data access or unsafe behavior.

Install only if you want a Chinese-language AI model cost comparison tool. Treat its pricing as advisory because model prices may change, and review any suggested OpenClaw config changes before applying them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The manifest description is generic ('AI-powered skill for productivity') and does not reflect the declared purpose of AI cost optimization. This can cause the skill to be invoked in contexts broader than intended, reducing transparency for users and reviewers and making misuse or accidental overreach harder to detect.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: An overly broad description does not meaningfully constrain when the skill should be selected, which may lead to inappropriate invocation outside the cost-optimization domain. In agent ecosystems, vague manifests can expand the skill’s effective authority surface and obscure its real behavior, even if no direct code execution issue is present.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal