ClawHub

reply-coach

Security checks across malware telemetry and agentic risk

Overview

This skill clearly does what it claims: it reads the current macOS clipboard to help draft chat replies, with no evidence of hidden network access, persistence, or message sending.

Install only if you are comfortable with the skill reading your current clipboard when invoked. Before using it, check that the clipboard contains only the chat text you intend to share, not passwords, private notes, or unrelated copied content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly reads clipboard contents, which can contain highly sensitive chat data, but the README does not warn users about privacy risks, data minimization, or safe handling expectations. In a messaging-assistant context this increases the chance users will expose private conversations, secrets, or personal data without informed consent or caution.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are broad and conversational, such as asking to analyze copied chat content or help reply, which can overlap with ordinary user requests and cause the skill to run unexpectedly. Because the skill reads clipboard contents, an accidental trigger can expose sensitive chat data without a clear, deliberate user action tied specifically to clipboard access.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill is designed to read chat content directly from the clipboard, but the description and usage guidance do not warn users that private or unrelated clipboard data may be accessed. This is dangerous because chat logs often contain sensitive personal information, and clipboard contents can change unexpectedly, leading to inadvertent disclosure or processing of private data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script reads the entire clipboard via a shell command and then prints it back to stdout without any prior warning, confirmation, or minimization. In an agent/skill context, clipboard contents may contain sensitive data unrelated to the intended chat text, so this creates a real privacy and unintended disclosure risk even though the functionality appears intended for convenience.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal