SkillTree

Security checks across malware telemetry and agentic risk

Overview

SkillTree is a coherent personalization skill, but it needs review because it automatically profiles recent chats, stores evolving user/agent state, and encourages acting before asking on potentially external tasks.

Install only if you want persistent, chat-history-based personalization. Before using it, keep explicit approval required for emails, messages, files, calendar changes, public posts, purchases, and share cards; review or reset stored profile data if it captures sensitive or inaccurate personal details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (30)

Context-Inappropriate Capability
Severity: Medium | Confidence: 96%
Finding: The skill instructs automatic analysis of the last 50 chat messages on activation to infer user traits and generate a profile, but it does not state a clear consent flow, data minimization rule, or narrowly bounded purpose. That creates privacy and profiling risk because the assistant may process sensitive conversational content and derive behavioral characteristics without explicit user approval.

Context-Inappropriate Capability
Severity: Medium | Confidence: 97%
Finding: The Companion path explicitly says to remember personal details from conversations and adapt behavior over time, but it gives no clear purpose limitation, consent boundary, or restriction on what kinds of personal details may be retained. This can lead to persistent storage or resurfacing of sensitive user information in ways the user did not expect.

Vague Triggers
Severity: Medium | Confidence: 93%
Finding: The auto-recommendation logic is triggered by very common behaviors such as asking technical questions or requesting explanations, so it can activate without clear user intent. This creates prompt ambiguity and may cause the skill to steer interactions or alter behavior based on weak signals rather than an explicit selection.

Vague Triggers
Severity: Low | Confidence: 88%
Finding: The phrase "recommend for me" is underspecified and lacks boundaries on what data may be considered or what action follows. Ambiguous invocation phrases increase the risk of unintended mode changes and make the skill easier to trigger accidentally in normal conversation.

Vague Triggers
Severity: Medium | Confidence: 84%
Finding: The template invites users to activate a growth path by either naming it or vaguely describing what they want, which creates an overly broad trigger surface. In a conversational system, this can cause accidental mode changes from ordinary user phrasing, leading to unintended behavioral shifts without clear confirmation.

Missing User Warnings
Severity: High | Confidence: 95%
Finding: The first-run experience states that the skill automatically analyzed past conversations to build an agent profile, but it does not present any consent, scope, retention, or privacy notice to the user. This creates a real privacy risk because users may be unaware that prior chat history is being processed for profiling, which can expose sensitive preferences, traits, or inferred personal characteristics.

Vague Triggers
Severity: Medium | Confidence: 88%
Finding: The template states the skill should auto-trigger on installation and references analyzing past conversations, which creates an overly broad activation condition. In an agent environment, this can cause the skill to run without a clear user request or informed consent, unexpectedly influencing behavior and processing prior chat context.

Natural-Language Policy Violations
Severity: Medium | Confidence: 93%
Finding: The entire display template is written in Chinese and presents the interaction flow, prompts, commands, and feedback in Chinese only, with no indication of language detection or user choice. This can override or bias the agent toward a language the user did not request, reducing usability, informed consent, and possibly causing misunderstandings around controls like reset, sharing, or onboarding choices.

Missing User Warnings
Severity: Medium | Confidence: 90%
Finding: The Companion path explicitly promotes remembering user-shared personal details, but it does not disclose retention limits, consent controls, or privacy implications. This can lead users to reveal sensitive information under unclear expectations and increases the risk of over-collection or inappropriate reuse of personal data.

Missing User Warnings
Severity: Medium | Confidence: 94%
Finding: The skill presents mood detection and tone adaptation as a feature without warning that the system is inferring emotional state from user messages. Emotional inference is privacy-sensitive and can be manipulative or misleading if users are not informed that such profiling is occurring.

Missing User Warnings
Severity: Medium | Confidence: 93%
Finding: The skill explicitly promotes remembering user preferences, inferring emotional state from message style, and adapting behavior based on that profiling, but it does not present a clear privacy notice, consent flow, retention policy, or user controls. This creates a meaningful privacy and safety risk because users may be unaware that sensitive personal data and inferred emotional attributes are being collected, stored, and used to shape future interactions.

Missing User Warnings
Severity: Medium | Confidence: 95%
Finding: The 'Decision Executor' behavior encourages the agent to perform actions such as sending email first and only reporting afterward, reducing confirmation before potentially irreversible or externally visible operations. In an agent context, this is dangerous because it can cause unintended messages, data disclosure, or unauthorized changes in external systems if the model misinterprets intent or acts on insufficient context.

Missing User Warnings
Severity: Medium | Confidence: 91%
Finding: The README explicitly says the agent will automatically analyze chat history after installation, but it does not present a clear privacy notice, consent step, data scope, retention policy, or opt-out before processing begins. Because chat history may contain sensitive personal, professional, or confidential information, automatic analysis without prominent disclosure can lead to unexpected privacy exposure and unsafe collection of user data.

Missing User Warnings
Severity: Medium | Confidence: 90%
Finding: The one-click sharing feature encourages publishing an ability card derived from the user's interactions and profile, but the README does not warn that this may reveal behavioral patterns, inferred traits, streaks, rankings, or identity-linked information. Users may share sensitive or personally identifying profile data without understanding the disclosure risk, especially if sharing is streamlined and framed as harmless.

Missing User Warnings
Severity: Medium | Confidence: 95%
Finding: The README says the skill will automatically analyze past conversation history immediately after installation, but it does not clearly disclose what data is accessed, how much history is processed, whether consent is required, or how the data is stored and used. In an agent skill context, silent access to conversation history can expose sensitive personal, professional, or proprietary information and creates a meaningful privacy risk.

Missing User Warnings
Severity: Medium | Confidence: 94%
Finding: The README promotes one-click sharing of an ability card to Moltbook without clearly warning users that profile-derived data may be sent to an external service. Because the card appears to summarize behavior, role, and usage patterns inferred from conversations, sharing it without prominent disclosure can leak personal or sensitive metadata outside the agent environment.

Vague Triggers
Severity: Medium | Confidence: 92%
Finding: The Companion trigger phrases are broad, everyday terms like 'friend,' 'chat,' and 'understand me,' making accidental activation likely during normal conversation. Because activation changes behavior toward emotional adaptation and memory of personal details, ambiguous triggering increases the risk of unintended privacy-affecting mode changes.

Vague Triggers
Severity: Medium | Confidence: 89%
Finding: The Expert path trigger phrases include common words like 'professional,' 'deep,' 'detailed,' and 'why,' which are likely to appear in routine requests. This can unintentionally switch the system into a different behavioral mode without the user's informed intent, causing confusing or overreaching changes in response style and possibly in retrieval expectations.

Missing User Warnings
Severity: High | Confidence: 98%
Finding: The skill says to immediately analyze prior chat history on first activation, but there is no prior warning before that privacy-sensitive processing occurs. Performing retrospective analysis before informed notice or consent is dangerous because users may not expect older messages to be mined for profiling and scoring.

Missing User Warnings
Severity: Medium | Confidence: 95%
Finding: The skill description says it will remember personal details and track emotional accuracy/proactive care, but it does not clearly warn users that this information may be retained and used over time. That omission is risky because it can normalize silent memory collection and behavioral profiling in a socially sensitive context.

Missing User Warnings
Severity: Medium | Confidence: 96%
Finding: The skill automatically analyzes the last 50 conversation messages on first activation to build a user profile without an explicit consent step or privacy notice. This creates a privacy risk because sensitive content from prior chats may be processed for secondary profiling purposes the user did not knowingly authorize.

Missing User Warnings
Severity: Medium | Confidence: 95%
Finding: The companion mode says it will remember personal details from conversations, but does not explain retention scope, storage duration, deletion controls, or privacy implications. Persistent memory of personal details can capture sensitive preferences or personal facts that users may not expect to be retained.

Missing User Warnings
Severity: Medium | Confidence: 94%
Finding: The share-card generation includes profile-like attributes such as class, level, percentile, streak, and capability scores, but does not warn users that sharing may expose personal behavioral inferences externally. Even if optional, users need clear notice that generated output may reveal derived profile data beyond what they intend to disclose.

Ssd 3
Severity: Medium | Confidence: 95%
Finding: The skill explicitly states that recommendations are based on chat history, normalizing retention and analysis of prior user interactions beyond what is necessary for the current turn. This can lead to unnecessary profiling and resurfacing of behavioral data, especially if users do not expect persistent analysis.

Ssd 3
Severity: Medium | Confidence: 97%
Finding: The example output demonstrates surfacing specific past interaction metrics like question frequency and repeated phrases, which encourages the agent to reveal inferred or logged behavioral details back to the user. This increases privacy risk by turning internal profiling into user-visible summaries that may expose sensitive patterns or create discomfort.

VirusTotal

65/65 vendors flagged this skill as clean.