Xiaoshan Journal

Security checks across malware telemetry and agentic risk

Overview

This diary skill is coherent and local, but it intentionally reads personal memory files and writes diary/config outputs, so users should review paths before use.

Before installing, review or create config.yaml yourself and point it only at files you are comfortable using in generated diary text and images. Keep the diary output directory private, and verify that config.yaml and generated diary files are excluded from version control if you use git.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Severity: Low, confidence 93%
Finding
The initialization instructions explicitly tell the agent to copy `config.template.yaml` to `config.yaml` and write detected local paths into it, but they do not require user confirmation or warn that local files will be created or modified. In an agent-execution context, silent filesystem writes are risky because they can change local state, expose private path information, or overwrite existing configuration unexpectedly.

Missing User Warnings

Severity: Low, confidence 90%
Finding
The skill instructs creation of `paths.diary_text_dir` when missing, again without warning or obtaining consent for filesystem changes. Even though directory creation is operationally useful for this diary skill, unattended creation of local directories can alter user environments unexpectedly and may create data in sensitive or unintended locations if path detection is wrong.

Missing User Warnings

Severity: Medium, confidence 93%
Finding
The README states the skill automatically reads highly privacy-sensitive local files such as SOUL.md, daily memory, and recent journals, but it does not clearly warn users about the scope and sensitivity of that access before use. In an agent skill context, this can lead to unintentional over-collection of personal data and disclosure into generated outputs, logs, screenshots, or downstream tools.

Missing User Warnings

Severity: Medium, confidence 91%
Finding
The README describes first-run automatic path detection, directory creation, and config file generation without a prominent warning that the skill will modify the user's filesystem. Silent or unexpected file creation is risky in an automation skill because it can alter user environments, create sensitive config artifacts, or operate on incorrectly detected paths.

Missing User Warnings

Severity: Medium, confidence 93%
Finding
The skill explicitly instructs automatic creation of `config.yaml` and `diary_text_dir` after probing local paths, but it does not present a clear warning or confirmation step before modifying the filesystem. In a local automation context this can lead to unintended writes in user directories and surprising side effects, especially because the target paths are auto-discovered rather than explicitly chosen by the user.

Missing User Warnings

Severity: Medium, confidence 96%
Finding
The main workflow requires reading personal sources including `SOUL.md`, daily memory files, and the last 7 days of diary entries, with optional reading of broader memory and identity files, yet there is no privacy notice or consent gate. Because these files are highly personal by design, silent ingestion increases the risk of exposing sensitive data to the agent, logs, downstream tools, or generated outputs.

VirusTotal

64/64 vendors flagged this skill as clean.