LLM-Wiki-skills

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only local wiki skill that openly reads and updates wiki files for knowledge management, with no evidence of hidden code, credential use, exfiltration, or destructive behavior.

Install only if you want an agent to maintain a persistent local wiki. Use a dedicated wiki/raw folder, avoid pointing it at unrelated sensitive files, and ask the agent to show planned file changes before ingesting sources, logging queries, or filing generated answers back into the wiki.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (16)

Missing User Warnings

Severity: Low (83% confidence)
The README advertises that the skill creates and updates wiki structures automatically, but it does not clearly warn users that invoking the skill may modify persistent files. In a knowledge-base skill, silent writes are security-relevant because they can cause unintended data changes, pollute trusted documentation, or overwrite user-maintained content if the agent acts on ambiguous prompts.

Missing User Warnings

Severity: Low (90% confidence)
The README states that ingest auto-updates cross-references and that query can file answers back into the wiki, but it does not prominently disclose this data-changing behavior or its scope. Because this skill is specifically designed to maintain persistent knowledge over time, automatic write-back increases the risk of accidental persistence of hallucinated, sensitive, or unwanted content into the user's knowledge base.

Missing User Warnings

Severity: Medium (90% confidence)
The README explicitly promotes automatically saving valuable answers back into the Wiki and persistent knowledge accumulation, but it does not clearly warn users that derived content and captured material will be written to long-lived storage. This can cause users to persist sensitive, copyrighted, or otherwise inappropriate content without realizing the retention and review implications.

Missing User Warnings

Severity: Medium (91% confidence)
The workflow describes capturing web content through Obsidian Web Clipper, processing it with AI tools, and storing it in a knowledge base, but it omits any privacy or data-handling warning. Users may unknowingly send sensitive browsing content or notes through external applications and services, increasing the risk of unintended disclosure or policy violations.

Vague Triggers

Severity: Medium (90% confidence)
The trigger text is very broad ('Always use this when user mentions ingest, add source, process document, or update wiki with new content'), which can cause the agent to invoke this skill for generic document-processing requests outside the intended wiki context. In a Write/Read/Glob/Grep/Bash-capable skill, unintended activation increases the chance of unnecessary file reads, wiki modifications, and workflow confusion.

Vague Triggers

Severity: Medium (87% confidence)
The 'When to Use This Skill' section lists activation criteria that are broad and ambiguous, including generic phrases like 'process document' and 'update wiki with new information.' Because the skill is designed to read external sources and update multiple files, ambiguous invocation criteria can lead to accidental execution on unrelated content and unintended edits across the knowledge base.

Vague Triggers

Severity: Medium (88% confidence)
The trigger guidance is very broad, including generic phrases like 'personal wiki' and 'organizing accumulated knowledge with an LLM,' which can cause the skill to activate in situations where the user did not specifically request wiki initialization. Because this skill is write-capable and designed to create directories and files, unintended invocation can lead to unwanted filesystem modifications or confusing workflow hijacking.

Vague Triggers

Severity: Low (83% confidence)
The 'When to Use This Skill' section only lists positive activation cases and does not define boundaries or exclusions. In practice, this increases the chance of misrouting ambiguous requests to a file-creating skill, which is risky because the tool compatibility includes Write and Bash operations.

Missing User Warnings

Severity: Medium (94% confidence)
The skill describes creating directories and files but does not prominently warn, up front, that running it will modify the filesystem. Even though later steps say to ask for location first, the lack of an explicit user-facing warning about disk writes reduces informed consent and increases the chance of unexpected changes in the wrong project or path.

Vague Triggers

Severity: Medium (93% confidence)
The trigger guidance is broad enough to activate on generic terms like 'check', 'maintenance', 'clean up', or 'verify wiki quality', which can cause the skill to run in contexts unrelated to wiki linting. Over-broad activation increases the chance of unintended file reads/writes and incorrect task routing, especially because this skill has Write, Glob, Grep, and Bash compatibility.

Vague Triggers

Severity: Medium (91% confidence)
The 'When to Use This Skill' section repeats ambiguous triggers without clear scope boundaries, making accidental invocation likely when a user asks for routine checking or cleanup in a non-wiki context. In this skill, accidental invocation is more concerning because the workflow instructs broad scanning of pages and modification of log.md, which can lead to unnecessary access or changes.

Vague Triggers

Severity: Medium (95% confidence)
The description includes broad activation guidance such as 'Always use this when user mentions schema, conventions, maintain, update rules, or modify wiki structure,' which can cause the skill to trigger on loosely related requests. Overbroad routing increases the chance the agent applies write-capable wiki-maintenance behavior in the wrong context, leading to unintended file edits or schema changes.

Vague Triggers

Severity: Medium (92% confidence)
The 'When to Use This Skill' section lists generic phrases like modifying conventions, refining workflows, or adapting structure without requiring that the target actually be this wiki system. In a write-enabled skill, ambiguous activation conditions can misroute unrelated maintenance tasks into this workflow, causing accidental modifications to CLAUDE.md, page schemas, or other wiki assets.

Vague Triggers

Severity: High (96% confidence)
The frontmatter says to use this skill whenever the user mentions very common verbs like "query, ask, question, compare, analyze," which are broad enough to trigger in many unrelated conversations. That can cause the agent to activate this skill outside a clear wiki context, leading to unnecessary file reads and unintended write behavior described elsewhere in the skill.

Vague Triggers

Severity: Medium (90% confidence)
The 'When to Use This Skill' section repeats ambiguous conditions such as any user asking a question, wanting a comparison, or requesting analysis, without limiting them to the wiki knowledge base. In context, this increases the chance of accidental invocation and can chain into reading project files or modifying wiki artifacts even when the user only wanted a normal answer.

Missing User Warnings

Severity: Medium (98% confidence)
The skill instructs the agent to optionally create a new wiki page and to append every query to log.md as part of normal operation, but it does not require explicit user consent for those writes. In a query skill, users reasonably expect read/search behavior; silent persistence of prompts, answers, and derived content can leak sensitive information, pollute the knowledge base, and create unauthorized modifications.

VirusTotal

66/66 vendors flagged this skill as clean.