
Security checks across malware telemetry and agentic risk

Overview

The skill is not clearly malicious, but it asks to act as an always-on central controller that can inspect all input, learn from the web, record user behavior, and monitor the clipboard without clear controls.

Install only if you intentionally want an always-on orchestration skill that can see broad user input and retain local learning/profile data. Before using it, confirm how to disable startup behavior, clipboard monitoring, automatic GitHub learning, habit recording, and local database retention.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

High
Confidence
97% confidence
Finding
The skill declares that all user input is automatically routed through this core, giving it a global interception role without clear scoping, consent, or exclusion boundaries. In context, this is especially dangerous because the same skill also claims decision authority, memory access, and downstream dispatch, which could expose sensitive prompts and expand the blast radius of any faulty or unsafe behavior.

Vague Triggers

Medium
Confidence
92% confidence
Finding
Automatic activation at system startup is insufficiently constrained because it enables the skill to run before the user has visibility into what it will do or what resources it will access. That risk is amplified here by claims of self-healing, continuous operation, and orchestration over other cores, creating persistence-like behavior inside the agent environment.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill describes automatically searching GitHub, extracting information, and storing it locally, but provides no warning, approval step, or controls for network access and retained content. This creates risks of unreviewed ingestion of untrusted external data, privacy issues, and persistence of potentially harmful or copyrighted material in the local knowledge store.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill explicitly mentions recording user habits, predicting future needs, and clipboard monitoring without any privacy notice, consent flow, minimization policy, or access restrictions. In this context, those features amount to sensitive behavioral surveillance and collection of potentially confidential clipboard contents, which can easily capture secrets, personal data, or proprietary information.

Ssd 3

Medium
Confidence
96% confidence
Finding
The instruction to record user habits and predict future needs is a direct profiling and retention behavior, which can accumulate sensitive behavioral data over time without clear necessity or user control. Because this skill is positioned as a central always-on orchestrator, the profiling scope could span most interactions, making the retained dataset unusually comprehensive.

VirusTotal

64/64 vendors flagged this skill as clean.
