StyleBuddy

Security checks across malware telemetry and agentic risk

Overview

StyleBuddy is a local-first wardrobe assistant, but users should understand that it stores wardrobe data and photos locally and may contact a weather service.

Install only if you are comfortable with a wardrobe assistant keeping local records of clothing, outfit history, preferences, backups and saved images. Avoid uploading photos with sensitive background details, review the local backups and saved images periodically, and leave the optional image-search and image-generation API keys unset unless you trust those providers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (27)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The task spec adds calendar-reading capability for a wardrobe assistant without explaining necessity, data minimization, or consent. Calendar data can reveal sensitive schedules, locations, contacts, and habits, so adding this access expands the skill beyond its stated purpose and creates avoidable privacy risk.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
External image search introduces network egress and can transmit user queries, preferences, or derived wardrobe context to third-party services without clear disclosure. For a fashion assistant, this may be useful, but it still broadens data exposure beyond the core local wardrobe-management function.

Context-Inappropriate Capability

Medium
Confidence
81% confidence
Finding
AI image generation is not obviously required by the manifest description and may cause user data or prompts to be sent to an external model provider. While less sensitive than calendar access, it still adds undeclared external processing and supply-chain/privacy exposure.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The model exposes unrestricted backup and restore capabilities that operate on the full stored wardrobe dataset, which exceeds the stated user-facing skill scope. If these methods are reachable through agent actions, they can enable bulk data exfiltration, unauthorized rollback, or malicious data overwrite from attacker-controlled files, increasing privacy and integrity risk beyond normal wardrobe management.

Description-Behavior Mismatch

Medium
Confidence
83% confidence
Finding
The code persists user-provided shopping images into a local wishlist assets directory and records the saved path in the database, which goes beyond transient consultation and creates lasting storage of user content. This is dangerous because it expands the data-retention surface for potentially sensitive photos without any visible consent, retention control, or access restrictions in this code path.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The documentation explicitly states that the skill is primarily for female users and notes that 90% of images and templates target women, without documenting user choice, inclusive defaults, or a legitimate reason for the restriction. In a consumer styling skill this produces a biased experience that can systematically exclude or mis-serve other users; unfair or discriminatory behavior is a product safety concern, not a cosmetic one.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The invocation guidance is extremely broad and encourages natural-language triggering without clear boundaries, which can cause the skill to activate on ordinary conversation rather than deliberate user intent. In an always-available assistant context, this increases the chance of unintended data access or actions based on casual speech.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The example trigger phrase "今天穿什么?" ("What should I wear today?") is common everyday speech, so it overlaps heavily with normal conversation a user may have with a general assistant. That makes accidental invocation plausible, especially because the skill is marketed as requiring no keywords and behaving like natural chat.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README states that a user profiling system records preferences, but it does not provide any user-facing privacy notice, consent flow, retention policy, or explanation of how that data is used. Because fashion preferences and wardrobe data can reveal sensitive behavioral and demographic information, silent profiling creates privacy and trust risks.

Vague Triggers

Medium
Confidence
73% confidence
Finding
Claiming the skill works through unrestricted natural conversation without clear trigger boundaries can cause over-broad invocation and accidental routing of unrelated user messages into the skill. That increases the chance that sensitive personal content or images are processed unexpectedly by a skill with storage and network-related capabilities.

Vague Triggers

Medium
Confidence
74% confidence
Finding
The usage guidance says interaction can be completely natural, but does not specify activation limits, confirmation requirements, or which actions may persist or transmit data. In context, this makes accidental data collection more likely, especially for wardrobe photos, preference profiling, and shopping-related content.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The markdown advertises photo collection and analysis, including multimodal recognition and local analysis fallback, but provides no privacy warning about how images are stored, processed, retained, or shared. Photo intake can expose highly personal lifestyle information, so missing disclosure undermines informed consent and increases privacy harm if data is retained or mishandled.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill says it records body data and style preferences to build a user profile, but does not explain the privacy, bias, or misuse implications of collecting this personal profiling data. Even if not traditionally regulated sensitive data, body-related attributes and preference profiles are intimate personal information that can enable intrusive profiling or embarrassment if exposed.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The spec includes calendar reading and backup/restore features but provides no user-facing warning about the sensitivity of the accessed and stored data. These features can expose highly personal information and increase the blast radius if data is mishandled, backed up insecurely, or restored from tampered sources.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The task spec calls for multiple external API integrations without warning that user or system data may be transmitted off-device. Even if the transmitted fields seem limited, this omission prevents informed consent and can lead to unanticipated privacy leakage through third-party services.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
Hard-coding a 90% female-focused dataset without user choice creates unfair bias in recommendations and degrades service quality for other users. In a styling assistant, recommendation bias directly affects outputs, making the issue more consequential than a purely cosmetic dataset imbalance.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The notes explicitly reinforce a female-oriented bias in images and templates without a user-selectable option. This can systematically shape recommendations, reduce inclusivity, and encode product behavior that is misaligned with diverse users' needs.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list contains very broad, everyday Chinese terms such as “穿搭” (outfit), “衣服” (clothes), “衣橱” (wardrobe) and “搭配” (coordination), which can appear in normal conversation outside an explicit request to invoke this skill. This increases the chance of unintended activation, causing the skill to intercept unrelated user queries, access context it was not meant to handle, or create confusing cross-skill behavior.
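As an added illustration of the over-broad keyword problem in this finding (example code written for this page, not StyleBuddy's own trigger logic), the block below compares a matcher that fires on the bare terms quoted above with one that also requires the message to read as a request to the assistant. The term list is the page's; the explicit-request phrase, the request markers, the sample utterances and their English glosses are constructed for the example.

```python
from typing import Callable

# Broad everyday terms quoted in the finding above (English glosses are ours):
# outfit, clothes, wardrobe, coordination/matching.
BROAD_TERMS = ["穿搭", "衣服", "衣橱", "搭配"]

# Assumed for this example: a phrase that is itself a request to the assistant
# ("what should I wear") and may therefore trigger on its own.
EXPLICIT_REQUESTS = ["穿什么"]

# Assumed for this example: markers that turn a mention of clothing into a
# request aimed at the assistant ("help me", "recommend", "how do I", "suggest").
REQUEST_MARKERS = ["帮我", "推荐", "怎么", "建议"]

# Constructed utterances, paired with whether the user actually wanted the skill.
CONSTRUCTED_UTTERANCES = [
    ("今天穿什么?", True),                # "What should I wear today?" (the page's example)
    ("帮我搭配一套明天面试的衣服", True),   # "Help me put together an outfit for tomorrow's interview"
    ("昨天买的衣服太贵了", False),          # "The clothes I bought yesterday were too expensive"
    ("我把旧衣橱卖了", False),              # "I sold my old wardrobe"
    ("这个颜色搭配不错", False),            # "This colour combination looks good"
    ("周末去爬山", False),                  # "Going hiking at the weekend"
]


def naive_trigger(message: str) -> bool:
    """Fire on any bare keyword: the behaviour the finding warns about."""
    return any(term in message for term in BROAD_TERMS)


def gated_trigger(message: str) -> bool:
    """Fire only on an explicit request, or on a domain term plus a request marker."""
    if any(phrase in message for phrase in EXPLICIT_REQUESTS):
        return True
    has_domain_term = any(term in message for term in BROAD_TERMS)
    has_request = any(marker in message for marker in REQUEST_MARKERS)
    return has_domain_term and has_request


def false_activations(trigger: Callable[[str], bool]) -> list:
    """Utterances that fire the trigger although the user did not want the skill."""
    return [msg for msg, wanted in CONSTRUCTED_UTTERANCES if trigger(msg) and not wanted]


def missed_activations(trigger: Callable[[str], bool]) -> list:
    """Utterances the user meant for the skill that the trigger ignores."""
    return [msg for msg, wanted in CONSTRUCTED_UTTERANCES if wanted and not trigger(msg)]


if __name__ == "__main__":
    for name, trigger in (("naive", naive_trigger), ("gated", gated_trigger)):
        print(name, "false:", false_activations(trigger), "missed:", missed_activations(trigger))
```

On the constructed set the keyword matcher activates on three unrelated remarks and, because the page's own example phrase contains none of the listed terms, misses the one request that was meant for it; the gated matcher gets all six right. A production router would use an intent classifier rather than string markers, but the gating principle is the same: a domain word alone is not consent to hand the message to a skill that stores and transmits data.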

Missing User Warnings

Medium
Confidence
82% confidence
Finding
Backup and especially restore/import are state-changing operations that can overwrite or alter stored wardrobe data, yet this handler performs them directly based on simple keyword matching with no confirmation prompt or warning. In an assistant context, accidental invocation, ambiguous intent, or prompt-triggered actions could lead to unintended data loss or replacement.
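An added example, not StyleBuddy's own code, of the guard this finding and the backup/restore finding above call for: the restore path refuses to run without an explicit confirmation, confines the source file to the skill's data directory, validates the backup before anything is overwritten, and writes the new database atomically. The backup format (a JSON object with an items list of name/category records), the database file name and the scratch-directory demo are assumptions made for the example.

```python
import json
import os
import tempfile
from pathlib import Path

# Assumed backup format for this example: {"items": [{"name": ..., "category": ...}, ...]}.
REQUIRED_ITEM_KEYS = {"name", "category"}
DB_NAME = "wardrobe.json"  # assumed name of the skill's local database


class ConfirmationRequired(Exception):
    """A state-changing operation was requested without an explicit confirmation."""


def resolve_inside(base: Path, candidate: str) -> Path:
    """Resolve a user-supplied path and refuse anything outside the data directory."""
    base = base.resolve()
    target = (base / candidate).resolve()
    if target != base and base not in target.parents:
        raise PermissionError(f"{candidate!r} resolves outside {base}")
    return target


def validate_backup(payload: object) -> list:
    """Check the shape of a backup before it is allowed to replace live data."""
    if not isinstance(payload, dict) or not isinstance(payload.get("items"), list):
        raise ValueError("backup must be an object with an 'items' list")
    for item in payload["items"]:
        if not isinstance(item, dict) or not REQUIRED_ITEM_KEYS.issubset(item):
            raise ValueError(f"malformed wardrobe item: {item!r}")
    return payload["items"]


def restore(data_dir: Path, source: str, *, confirmed: bool) -> int:
    """Replace the wardrobe database from a backup file; returns the item count."""
    if not confirmed:
        raise ConfirmationRequired("restore overwrites the wardrobe; ask the user to confirm first")
    src = resolve_inside(data_dir, source)
    items = validate_backup(json.loads(src.read_text(encoding="utf-8")))
    # Write to a temporary file in the same directory and rename it over the
    # database, so an interrupted restore never leaves a half-written file.
    fd, tmp = tempfile.mkstemp(dir=data_dir, prefix=".wardrobe-", suffix=".tmp")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump({"items": items}, fh)
    os.replace(tmp, data_dir / DB_NAME)
    return len(items)


def demo() -> dict:
    """Exercise the three refusals and one successful restore in a scratch directory."""
    outcome = {}
    with tempfile.TemporaryDirectory() as scratch:
        data_dir = Path(scratch)
        backups = data_dir / "backups"
        backups.mkdir()
        good = {"items": [{"name": "navy blazer", "category": "outerwear"}]}  # constructed
        (backups / "good.json").write_text(json.dumps(good), encoding="utf-8")
        bad = {"items": [{"name": "no category"}]}  # constructed: missing required key
        (backups / "bad.json").write_text(json.dumps(bad), encoding="utf-8")
        try:
            restore(data_dir, "backups/good.json", confirmed=False)
        except ConfirmationRequired:
            outcome["unconfirmed"] = "blocked"
        try:
            restore(data_dir, "../../etc/passwd", confirmed=True)
        except PermissionError:
            outcome["escape"] = "blocked"
        try:
            restore(data_dir, "backups/bad.json", confirmed=True)
        except ValueError:
            outcome["malformed"] = "blocked"
        outcome["restored"] = restore(data_dir, "backups/good.json", confirmed=True)
        outcome["db"] = json.loads((data_dir / DB_NAME).read_text(encoding="utf-8"))
    return outcome


if __name__ == "__main__":
    print(demo())
```

The confirmation flag is deliberately keyword-only so a caller cannot pass it by accident, and the check runs before the source path is even resolved: an agent that matched "restore" in casual speech gets a refusal it must surface to the user, not a silent overwrite.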

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The function copies a user-supplied image into persistent local storage without any visible notice, consent flow, or privacy control. In a wardrobe/shopping skill, uploaded images may contain people, surroundings, receipts, or other sensitive information, so silent persistence increases privacy risk and the consequences of later unauthorized access.

Unpinned Dependencies

Low
Category
Supply Chain
Content
pyyaml>=6.0
pillow>=10.0.0
requests>=2.31.0
python-dateutil>=2.8.0
Confidence
95% confidence
Finding
pyyaml>=6.0 sets only a lower bound, so any future release that satisfies it, including a compromised one, is accepted at install time; the same applies to the three requirement lines below.

Unpinned Dependencies

Low
Category
Supply Chain
Confidence
95% confidence
Finding
pillow>=10.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Confidence
94% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Confidence
92% confidence
Finding
python-dateutil>=2.8.0

Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
98% confidence
Finding
pyyaml. The three advisories named above affect PyYAML releases before 5.4 (fixed in 5.2, 5.3.1 and 5.4 respectively), and the requirement pyyaml>=6.0 already excludes them, so the severity should be confirmed against the version that actually resolves rather than the package name alone. The five unlisted advisories are not shown here and need the same check.
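An added example, not part of the SkillSpector report or of the skill, of the two checks the Unpinned Dependencies findings and the Known Vulnerable Dependency finding call for: whether each requirement line is pinned to an exact version, and whether the specifier's lower bound can still resolve to a release covered by a known advisory. The advisory table holds only the three CVEs named on the page with the PyYAML releases that fixed them (5.2, 5.3.1 and 5.4); the five unlisted advisories are not included. The version comparison is a simplified numeric one and does not handle pre-release or post-release tags, extras, environment markers or URL requirements.

```python
import re
from typing import NamedTuple


class Advisory(NamedTuple):
    cve: str
    fixed_in: str  # first upstream release that is not affected


# Only the three advisories named on the page, with the PyYAML releases that
# fixed them; the "+5 more" are not listed on the page and are left out.
ADVISORIES = {
    "pyyaml": [
        Advisory("CVE-2019-20477", "5.2"),
        Advisory("CVE-2020-1747", "5.3.1"),
        Advisory("CVE-2020-14343", "5.4"),
    ],
}

# Constructed copy of the requirements lines quoted in the findings.
REQUIREMENTS = """\
pyyaml>=6.0
pillow>=10.0.0
requests>=2.31.0
python-dateutil>=2.8.0
"""

# name, optional operator, optional numeric version; nothing more exotic.
SPEC_RE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|!=|>|<)?\s*([0-9][0-9.]*)?\s*$"
)
# Operators that establish the lowest version the specifier can resolve to.
FLOOR_OPERATORS = {"==", ">=", "~=", ">"}


def parse_version(text: str) -> tuple:
    """Numeric-only comparison key; trailing zeros dropped so 6.0 equals 6.0.0."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def audit_line(line: str) -> dict:
    """Report whether one requirement is pinned and which advisories it can still pull in."""
    match = SPEC_RE.match(line)
    if not match:
        raise ValueError(f"unsupported requirement syntax: {line!r}")
    name, op, version = match.group(1).lower(), match.group(2), match.group(3)
    floor = parse_version(version) if (op in FLOOR_OPERATORS and version) else None
    reachable = [
        adv.cve
        for adv in ADVISORIES.get(name, [])
        # No floor, or a floor below the fix, means a vulnerable release satisfies the specifier.
        if floor is None or floor < parse_version(adv.fixed_in)
    ]
    return {"name": name, "pinned": op == "==", "advisories": reachable}


def audit(requirements: str) -> list:
    """Audit every non-blank, non-comment line of a requirements file."""
    return [
        audit_line(line)
        for line in requirements.splitlines()
        if line.strip() and not line.lstrip().startswith("#")
    ]


if __name__ == "__main__":
    for row in audit(REQUIREMENTS):
        print(row)
    print(audit_line("pyyaml>=5.3"))
```

Run against the quoted requirements it reports every line as unpinned and no reachable advisory for pyyaml>=6.0, which is the check the Critical finding above should be read against; lowering the floor to pyyaml>=5.3 makes two of the three CVEs reachable, and a bare pyyaml makes all three reachable. In a real pipeline, replace the constructed table with an advisory feed and audit the resolved lock file (for example one produced with pip-compile --generate-hashes) rather than the specifier alone.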

VirusTotal

None of the 62 VirusTotal vendors flagged this skill (62/62 clean). That verdict covers known-malware signatures only; it does not address the capability, trigger and disclosure findings above, which are design-level issues that no antivirus engine scores.