Security audit

Huo15 Token Optimizer

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its token-cleanup purpose, but it needs review because it can modify OpenClaw workspace files and contains a disabled AGENTS.md replacement path that contradicts its stated safety promise.

Review before installing if you rely on AGENTS.md for workspace rules or safety behavior. The safer approach is to use scan, report, and dry-run only, keep auto_replace_agents disabled, inspect every cleanup preview, and run --force only when you are comfortable with DREAMS.md truncation and the backup location under ~/.openclaw/.token-opt-backups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 87%
Finding
The skill instructs the agent to run local scripts that read and modify workspace files, restore backups, and continuously monitor files, but it does not declare corresponding permissions. Undeclared file read/write capability weakens consent and review boundaries because a caller may not understand that invoking the skill can lead to broad filesystem changes after a confirmation step.

Description-Behavior Mismatch

High
Confidence: 94%
Finding
The code can automatically replace workspace AGENTS.md files when the file matches an 'old format' pattern and the config flag auto_replace_agents is enabled, which contradicts the stated safety guarantee that AGENTS files are never auto-replaced. In an agent system, AGENTS.md often carries behavioral and safety instructions, so silent replacement can alter policy, execution behavior, or trust boundaries across workspaces.

Vague Triggers

Medium
Confidence: 80%
Finding
The trigger condition allows the AI to proactively suggest using the skill when it detects that the session context is 'too large,' but that condition is not precisely defined. Ambiguous invocation boundaries can cause the skill to be introduced or escalated without a clear user request, increasing the chance of unintended scans or social-engineering-style nudges toward cleanup actions.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.