阅读助手 (Reading Assistant)

Security checks across malware telemetry and agentic risk

Overview

This reading-summary skill is internally consistent and shows no malware behaviour, but by default it saves the extracted reading history to a local file.

Install only if you are comfortable with a local reading_log.json history containing summaries, source labels or URLs, timestamps, and extracted snippets. Avoid using it on confidential emails, internal documents, or sensitive URLs unless you remove or disable the logging behaviour and periodically delete any saved history.
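The advice above to delete saved history periodically is easier to follow if you first know what the log retains. The following is an added example, not the skill's own code: it audits a reading_log.json for the sensitive material the findings describe (email addresses, intranet URLs, confidentiality markers), then rewrites the file keeping only recent, unflagged entries with the raw snippet stripped. The field names (source, timestamp, summary, snippet) are an assumption about the log layout, and the sample log is constructed.

```python
"""Audit and purge a reading_log.json left behind by a summarization skill.

Added example, not the skill's own code. The field names (source,
timestamp, summary, snippet) are an assumption about the log layout, and
the sample log is constructed.
"""
import json
import re
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
# Hostnames and address ranges that indicate an intranet source.
INTERNAL_HOST = re.compile(
    r"https?://[^/\s]*(\.internal|\.corp|\.local|localhost|"
    r"10\.\d+\.\d+\.\d+|192\.168\.\d+\.\d+)", re.I)
CONFIDENTIAL = re.compile(r"\b(confidential|internal only|do not distribute)\b", re.I)


def classify_entry(entry: dict) -> list:
    """Return the sensitivity markers found in one log entry."""
    text = " ".join(str(entry.get(k, "")) for k in ("source", "summary", "snippet"))
    markers = []
    if EMAIL.search(text):
        markers.append("email")
    if INTERNAL_HOST.search(str(entry.get("source", ""))):
        markers.append("internal-url")
    if CONFIDENTIAL.search(text):
        markers.append("confidential-marker")
    return markers


def audit_log(entries: list) -> dict:
    """Summarize what the log retains: entry count, field names, flagged entries."""
    fields = sorted({k for e in entries for k in e})
    flagged = {i: classify_entry(e) for i, e in enumerate(entries)}
    return {"entries": len(entries), "fields": fields,
            "flagged": {i: m for i, m in flagged.items() if m}}


def purge(entries: list, *, max_age: timedelta, now: datetime,
          drop_flagged: bool = True) -> list:
    """Keep only recent, unflagged entries and drop the raw snippet from those."""
    kept = []
    for e in entries:
        ts = datetime.fromisoformat(e["timestamp"])
        if now - ts > max_age:
            continue
        if drop_flagged and classify_entry(e):
            continue
        kept.append({k: v for k, v in e.items() if k != "snippet"})
    return kept


def purge_file(path: Path, **purge_args) -> int:
    """Rewrite the log in place; return the number of entries removed."""
    entries = json.loads(path.read_text())
    kept = purge(entries, **purge_args)
    path.write_text(json.dumps(kept, indent=2))
    return len(entries) - len(kept)


# Constructed sample log: one public article, one pasted internal email,
# one stale intranet runbook.
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)
THIRTY_DAYS = timedelta(days=30)
SAMPLE_LOG = [
    {"source": "https://example.com/blog/caching", "timestamp": "2025-01-14T10:00:00+00:00",
     "summary": "Public post on cache eviction.", "snippet": "LRU evicts the least..."},
    {"source": "pasted text", "timestamp": "2025-01-13T09:00:00+00:00",
     "summary": "Mail from alice@example.com about Q3 numbers.",
     "snippet": "CONFIDENTIAL: Q3 revenue came in at..."},
    {"source": "https://wiki.corp.internal/runbook", "timestamp": "2024-11-01T08:00:00+00:00",
     "summary": "Key rotation runbook.", "snippet": "Step 1: revoke the old key..."},
]


def run_demo() -> int:
    """Write the sample log to a temp file, purge it, return entries removed."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "reading_log.json"
        path.write_text(json.dumps(SAMPLE_LOG))
        removed = purge_file(path, max_age=THIRTY_DAYS, now=NOW)
        print(audit_log(SAMPLE_LOG))
        print(f"removed {removed}, kept {json.loads(path.read_text())}")
        return removed


if __name__ == "__main__":
    run_demo()
```

Run it against the real file by pointing purge_file at the skill's reading_log.json with now=datetime.now(timezone.utc); tune the marker patterns to your own intranet naming before trusting the flagged list, since the defaults only cover a few common suffixes and private ranges.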

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch
Severity: Medium
Confidence: 93%
Finding: The skill presents itself as a simple reading/summarization tool but silently persists extracted results to a local JSON log. Because inputs may include pasted private text, emails, notes, or sensitive URLs, this creates an undisclosed data-retention channel that expands the privacy and security risk beyond the stated purpose.

Context-Inappropriate Capability
Severity: Low
Confidence: 82%
Finding: Automatic persistence is not required to perform summarization, so storing reading-derived content by default violates data minimization principles. Even if only summaries are stored, they can still reveal sensitive source topics, timestamps, and user behavior patterns.

Missing User Warnings
Severity: Medium
Confidence: 95%
Finding: The skill description omits that user inputs and derived content are automatically saved, preventing informed consent. In a reading assistant context, users are likely to paste proprietary documents, messages, or personal notes, so undisclosed storage materially increases privacy exposure.

Ssd 3
Severity: Medium
Confidence: 94%
Finding: The skill automatically stores reading-derived user content in a persistent local file, which can accumulate sensitive material over time. Local persistence increases the blast radius of a compromise, because later users, processes, backups, or malware may access the saved summaries and metadata.

Ssd 3
Severity: Medium
Confidence: 96%
Finding: The logging function writes source identifiers, timestamps, statistics, and extracted content from arbitrary pasted text or fetched URLs into a JSON file without user consent or sanitization controls. In this context, users may summarize confidential articles, internal documents, or personal communications, so default logging creates a real privacy and data-leakage risk.

VirusTotal

66/66 vendors reported this skill as clean.

View on VirusTotal