Openclaw Daily Ops

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned, but it needs review because it can run unattended, send operational metadata to Discord, and permanently empty session files using weak safety checks.

Install only if you intentionally want unattended OpenClaw session cost reporting and stale-session cleanup. Run dry-run first, protect the Discord webhook as a secret, confirm report contents are acceptable for Discord, verify sessionFile paths are only OpenClaw session files, and add backups or quarantine/path-containment checks before enabling cron.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding
The skill clearly instructs the agent or operator to read session files, write state/log files, and post to a Discord webhook, but it does not declare those capabilities up front. Missing permission disclosure is risky because it prevents users and platforms from understanding that the skill can access local data, modify files, and exfiltrate information over the network.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The script asserts it 'never touches active sessions', but its deletion logic only relies on `updatedAt` age and file size from metadata and never verifies whether the session is still open, locked, or otherwise in active use. If metadata is stale, inaccurate, or delayed, the tool can truncate a live session file, causing loss of conversation state and potentially disrupting ongoing automation or operator work.

Missing User Warnings

Medium
Confidence: 88%
Finding
The README instructs users to send operational cost reports to a Discord webhook but does not warn that session-derived metadata, usage volumes, channel names, or other operational details are being transmitted to a third-party service. Even if the project claims 'zero personal info,' OpenClaw session names and spend patterns can still reveal sensitive internal activity, and webhook URLs themselves are sensitive secrets if exposed.

Missing User Warnings

Medium
Confidence: 91%
Finding
The README advertises a 'zombie session killer' that 'wipes sessions older than 24h' without an explicit destructive-action warning. In this context, session files may contain active working state, prompts, or recovery context, so users could enable the tool and irreversibly lose important data or disrupt agents if the heuristics misclassify a session as stale.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill advertises that it 'wipes sessions older than 24h' near the top, but it does not present a prominent destructive-action warning before setup and scheduling instructions. Because the wipe action truncates session JSONL files, a user could enable nightly automation without fully appreciating that historical session context will be permanently deleted.

VirusTotal

65/65 vendors flagged this skill as clean.
