lianggeskills

Security checks across malware telemetry and agentic risk

Overview

This skill is a personal task assistant whose behavior is disclosed up front: it keeps local task memory and sends reminders. The risks found are usability and data-loss issues; there is no evidence of hidden access, data exfiltration, or other malicious behavior.

Install it only if you want a highly personalized Chinese-language assistant that keeps local task state, sends periodic reminders, and reacts to casual conversational phrases. Do not put secrets in task titles or blocker notes, and consider editing the deletion behavior, trigger phrases, time zone, and work hours if you need stricter control or an undo path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Severity: High | Confidence: 99%
Finding:
The "放弃任务" ("abandon task") handler moves the one matched task into the abandoned list, but then immediately overwrites `self.memory["tasks"]["4_abandoned"]` with an empty list, which deletes every abandoned-task record, including the one just moved. This is a genuine integrity issue: a user asking to abandon a single task silently destroys the history of all previously abandoned tasks, so neither auditing nor recovery is possible.

Missing User Warnings

Severity: Medium | Confidence: 96%
Finding:
The code deletes task data destructively without any warning, confirmation prompt, undo path, or archival copy. In this skill's context, task memory is the assistant's core state, so silent deletion can irreversibly lose the user's work-tracking data and makes an accidental or ambiguous command disproportionately harmful.
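The two findings above describe the same handler from two angles: a list-overwrite bug that wipes the abandoned-task history, and the absence of any confirmation or undo around that deletion. The following is an added example, not the skill's own source: it reconstructs the defect as described (one task is moved into `memory["tasks"]["4_abandoned"]`, then the whole list is replaced with `[]`) next to a hardened handler that requires explicit confirmation, keeps the archive append-only, and records an undo snapshot. Only the `"4_abandoned"` key comes from the finding; the `"1_active"` and `"undo"` keys, the task shape, and the sample tasks are assumptions made for this example.

```python
"""Illustrative reconstruction of the "放弃任务" (abandon task) handler.

Added example, not the skill's code. Key names other than "4_abandoned",
the task dictionaries and the sample data are assumptions.
"""
import copy
from datetime import datetime, timezone


def new_memory():
    # Assumed layout: the finding names only the "4_abandoned" key.
    return {"tasks": {"1_active": [], "4_abandoned": []}, "undo": []}


def abandon_task_buggy(memory, title):
    """Behaviour the finding describes: move one task, then wipe the list."""
    active = memory["tasks"]["1_active"]
    for i, task in enumerate(active):
        if task["title"] == title:
            memory["tasks"]["4_abandoned"].append(active.pop(i))
            break
    # The defect: the whole abandoned list is replaced with an empty list,
    # discarding every previously abandoned task and the one just moved.
    memory["tasks"]["4_abandoned"] = []
    return memory


def abandon_task_fixed(memory, title, confirm=False):
    """Hardened version: explicit confirmation, append-only archive, undo."""
    if not confirm:
        # A destructive state change needs an explicit opt-in; the agent
        # should ask the user before calling with confirm=True.
        return False
    active = memory["tasks"]["1_active"]
    for i, task in enumerate(active):
        if task["title"] == title:
            # Snapshot the full task state so the change can be undone.
            memory["undo"].append(copy.deepcopy(memory["tasks"]))
            moved = active.pop(i)
            moved["abandoned_at"] = datetime.now(timezone.utc).isoformat()
            memory["tasks"]["4_abandoned"].append(moved)  # append, never overwrite
            return True
    return False  # no matching task: memory is left untouched


def undo_last(memory):
    """Restore the task state captured before the last confirmed change."""
    if not memory["undo"]:
        return False
    memory["tasks"] = memory["undo"].pop()
    return True


def demo():
    """Run both handlers on the same constructed state.

    Returns (abandoned records left by the buggy handler,
             abandoned records left by the fixed handler,
             active tasks after undo).
    """
    sample_active = [{"title": "write report"}, {"title": "fix build"}]
    sample_abandoned = [{"title": "old task"}]  # constructed prior history

    buggy = new_memory()
    buggy["tasks"]["1_active"] = copy.deepcopy(sample_active)
    buggy["tasks"]["4_abandoned"] = copy.deepcopy(sample_abandoned)
    abandon_task_buggy(buggy, "write report")
    lost = len(buggy["tasks"]["4_abandoned"])  # 0: both records are gone

    fixed = new_memory()
    fixed["tasks"]["1_active"] = copy.deepcopy(sample_active)
    fixed["tasks"]["4_abandoned"] = copy.deepcopy(sample_abandoned)
    abandon_task_fixed(fixed, "write report")  # refused: no confirmation
    abandon_task_fixed(fixed, "write report", confirm=True)
    kept = len(fixed["tasks"]["4_abandoned"])  # 2: history preserved
    undo_last(fixed)
    return lost, kept, len(fixed["tasks"]["1_active"])


if __name__ == "__main__":
    print(demo())
```

The fixed handler also refuses to act when no task matches, so an ambiguous phrase that the skill's loose triggers pick up cannot change state by accident.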

Vague Triggers

Severity: Medium | Confidence: 94%
Finding:
The skill defines very broad trigger phrases such as "在吗" ("are you there?"), "?", and "怎么样了" ("how is it going?"), which occur constantly in ordinary conversation and are easily activated by accident. This creates an instruction-hijacking risk inside normal chats: the agent may change state, reveal progress, or interrupt ongoing work on the basis of ambiguous input rather than a clear, intentional request.

Natural-Language Policy Violations

Severity: Medium | Confidence: 85%
Finding:
The skill hard-codes a Chinese locale, the Chengdu time zone, a work schedule, and a named employer context without any user opt-in or runtime confirmation. This is not an exploit primitive in itself, but it can cause the assistant to mishandle users in other languages, time zones, or identity contexts, producing incorrect behavior, privacy confusion, and personalization assumptions the user never authorized.

Vague Triggers

Severity: Medium | Confidence: 90%
Finding:
The prompt binds vague inputs such as "在吗" ("are you there?"), "?", and "怎么样了" ("how is it going?") to an immediate, high-priority status report. Ambiguous user messages can therefore produce unintended stateful behavior, with the agent revealing workflow context or interrupting the current task without confirmation. The risk is higher in this skill's context because the agent is instructed to operate autonomously and track ongoing work, so an accidental activation can expose sensitive task status or derail the interaction the user intended.
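Both Vague Triggers findings turn on the same mechanism: a trigger phrase that is a substring of everyday chat fires on messages that have nothing to do with task status. The following is an added example, not the skill's own code, that runs the three phrases named in the findings as loose substring triggers over a few constructed chat lines, next to a stricter matcher that only fires when the trimmed message is exactly one of a small set of explicit status phrases and never on bare punctuation. The strict phrase set, the punctuation handling, and the sample messages are assumptions made for this example; a real hardening would also route any state-changing trigger through an explicit confirmation step, as the findings recommend.

```python
"""Loose vs. strict trigger matching for a chat-driven task assistant.

Added example, not the skill's code. BROAD_TRIGGERS are the phrases the
findings name; STRICT_TRIGGERS and the samples are assumptions.
"""
import re

# Phrases the findings identify as overly broad.
BROAD_TRIGGERS = ["在吗", "?", "怎么样了"]

# Assumed hardened trigger set: the whole message (after trimming) must be
# an explicit status request; "?" on its own is deliberately absent.
STRICT_TRIGGERS = {"任务怎么样了", "任务进度", "status"}

# Trailing whitespace and sentence punctuation (ASCII and full-width).
_TRAILING = re.compile(r"[\s?？!！。.,，~]+$")


def fires_loose(message):
    """Substring match: what 'reacts to casual phrases' amounts to."""
    return any(t in message for t in BROAD_TRIGGERS)


def fires_strict(message):
    """Whole-message match against explicit status phrases only."""
    core = _TRAILING.sub("", message.strip())
    return core in STRICT_TRIGGERS


# Constructed sample chat lines (not from the skill or a real user):
# (message, should a status report fire?)
SAMPLES = [
    ("你在吗？我想问个别的问题", False),  # "are you there? I want to ask something else"
    ("这个方案怎么样了", False),          # "how is this proposal coming along" (not a task query)
    ("什么?", False),                      # "what?"
    ("任务怎么样了?", True),               # "how are the tasks going?"
    ("status", True),
]


def evaluate(samples=SAMPLES):
    """Return (loose false positives, strict false positives, strict misses)."""
    loose_fp = sum(1 for m, want in samples if not want and fires_loose(m))
    strict_fp = sum(1 for m, want in samples if not want and fires_strict(m))
    strict_miss = sum(1 for m, want in samples if want and not fires_strict(m))
    return loose_fp, strict_fp, strict_miss


if __name__ == "__main__":
    for message, _ in SAMPLES:
        print(f"{message!r:32} loose={fires_loose(message)} strict={fires_strict(message)}")
    print(evaluate())
```

On the constructed samples the loose matcher fires on all three off-topic lines, while the strict matcher fires on neither and still catches both genuine status requests. Whole-message matching is a coarse fix; the point is that a trigger which can be satisfied mid-sentence should not be allowed to start an autonomous, stateful action.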

VirusTotal

0 of 66 VirusTotal vendors flagged this skill; all 66 report it as clean.
