Security audit

Diary

Security checks across malware telemetry and agentic risk

Overview

This diary skill is local and purpose-aligned, but it handles private memory files and creates diary outputs that users should review before sharing.

Before installing, review the configured memory and diary paths, especially SOUL.md, MEMORY.md, daily memory, and the diary output folder. Treat generated Markdown and PNG diary files as private until reviewed or redacted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 90%
Finding
The initialization workflow explicitly instructs the agent to copy a template into config.yaml and write detected local paths into that file, but it provides no requirement to obtain explicit user confirmation before modifying the filesystem. In an agent setting, silent creation or modification of local config files can violate user expectations, overwrite existing settings, or disclose private path structure into generated artifacts.

Missing User Warnings

Medium
Confidence: 87%
Finding
The success criteria state that the skill should write diary text files and generate image output, and earlier steps also permit creating missing directories, yet the document never instructs the agent to warn the user that new filesystem content will be created. In a personal diary skill, these outputs may contain sensitive private data, so silent file generation increases privacy and integrity risk if written to unintended locations.

Missing User Warnings

Medium
Confidence: 86%
Finding
The README states that the skill reads SOUL, MEMORY, and daily memory materials and writes configuration data, but it does not clearly warn users about the sensitivity of that personal data, retention behavior, or possible downstream exposure in generated diary text/images. In a journaling skill, this context increases risk because highly personal content may be processed, persisted, and exported into shareable artifacts without users understanding the privacy implications.

Vague Triggers

Medium
Confidence: 94%
Finding
The skill description is broad enough to overlap with ordinary user requests like '写日记', '补昨天日记', or '自动日记归档', which can cause the agent to invoke the skill in situations where the user did not explicitly consent to file reads/writes and image generation. In this skill's context, that risk is amplified because execution includes automatic initialization, reading personal memory/diary sources, and writing output files, so a misfire could expose or modify sensitive personal data.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.