Council Builder

Security checks across malware telemetry and agentic risk

Overview

The skill appears legitimate, but it creates a persistent multi-agent memory system with broad local-context reading that needs careful review before installation.

Install only if you want a persistent local agent-council workspace. Before using it, ask the agent to skip history scanning unless you explicitly approve it, narrow the generated routing rules, and avoid saving secrets, credentials, personal data, regulated information, or confidential business details in memory or learning files. Review the generated AGENTS.md, memory, .learnings, config.json, and shared/learnings files periodically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings

Severity: Medium | Confidence: 93%
Finding
The skill instructs the agent to scan `memory/` files, workspace contents, and installed skills to infer user behavior without requiring explicit user consent or presenting a privacy notice at the point of use. Even if intended for personalization, this expands access to potentially sensitive data and can expose confidential project details, prior interactions, or installed capabilities beyond what the user expected to share.

Vague Triggers

Severity: Medium | Confidence: 90%
Finding
The template tells builders to define trigger conditions as broad patterns matched against user input, but it provides no boundary, precedence, or least-privilege guidance. In a multi-agent routing system, overly generic triggers can cause inappropriate agent activation, sending user requests or context to specialized personas that were not intended to handle them and increasing the chance of over-collection, misrouting, or unsafe actions.

Missing User Warnings

Severity: Medium | Confidence: 96%
Finding
The instruction to write anything the user asks to 'remember' into a file establishes persistent storage of user-provided information without requiring notice, consent confirmation, retention limits, or sensitivity checks. This can lead to inadvertent storage of personal, confidential, or regulated data in workspace files, which may later be read by other agents or sessions.

Missing User Warnings

Severity: Low | Confidence: 89%
Finding
The document instructs agents to save user preferences and mark setup state in a persistent config file, but it does not require notifying the user that data will be written to disk. In a skill that creates multiple agents and stores ongoing preferences across sessions, silent persistence can undermine user consent and create privacy surprises even if the data is not highly sensitive.

Vague Triggers

Severity: Medium | Confidence: 87%
Finding
The trigger conditions use very broad natural-language phrases such as generic requests about writing, code, scheduling, or analysis, which can cause the wrong agent to be selected for ordinary user input. In a multi-agent system, misrouting can expose context to unnecessary agents, produce unintended actions, or bypass the user's intended workflow boundaries.

Missing User Warnings

Severity: Medium | Confidence: 96%
Finding
The file directs agents to persist conversation-derived corrections, knowledge gaps, feature requests, and other user feedback into long-lived markdown files without any data-minimization, sensitivity filtering, or consent requirements. In this council-building context, agents are explicitly personalized around a user's workflow, which increases the chance that secrets, business context, personal data, or confidential project details will be copied into persistent memory and later resurfaced or propagated.

Ssd 3

Severity: Medium | Confidence: 95%
Finding
These lines instruct agents to write user-provided information and feedback into learning files, creating a persistent natural-language memory that can unintentionally retain sensitive information and reproduce it later. Because the system is designed for ongoing multi-agent coordination, one agent's stored notes may become visible to other agents or future tasks, expanding the privacy and confidentiality risk.

Ssd 3

Severity: Medium | Confidence: 97%
Finding
The rule to immediately promote anything the user says to 'remember this' encourages broad, durable storage and wider propagation of potentially sensitive information without contextual safety checks. In a personalized agent-council skill, users may naturally ask agents to remember preferences, work patterns, contacts, project details, or even credentials, so automatic promotion increases both retention risk and cross-agent exposure.

VirusTotal

61/61 vendors flagged this skill as clean.