Back to skill

Security audit

Wave Token Saver

Security checks across malware telemetry and agentic risk

Overview

This is a coherent token-audit skill, but it can directly change prompts, model routing, and scheduled-agent configuration without enough explicit user approval.

Install only if you are comfortable with an agent inspecting OpenClaw configuration and local startup context. Use it in read-only or proposal mode first, require a diff and rollback plan before any prompt, cron, model, provider, or tool-profile edits, and review generated reports before sharing because they may include local filenames, task names, and configuration details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger list includes broad English phrases like "token saver" and "token audit" that could match ordinary conversation and invoke the skill unexpectedly. In a skill that instructs reading local configs and writing reports, accidental activation can lead to unintended file inspection or modification without the user realizing a state-changing workflow has started.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill says it will write a report file after execution, but does not prominently warn up front that it creates or modifies local files. Hidden write behavior is risky because users may invoke what sounds like an analysis-only audit and instead get persistent filesystem changes, which is especially concerning in automation or shared workspaces.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The Quick Wins path explicitly tells the agent to apply techniques directly without audit preamble, yet several listed actions can alter prompts, model selection, or configuration-affecting behavior. This bypasses informed consent and safety review, increasing the chance of silent, unintended changes to production automation or agent behavior.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The test prompts rely on broad natural-language triggers such as '省点 token', 'token 优化', and '检查 token 消耗', which can easily overlap with ordinary user requests. In an agent-skill system, this increases the chance of unintended skill activation, causing the token-saver workflow to hijack unrelated conversations or expose internal optimization behavior when the user was not explicitly invoking the skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.