Item manager

Security checks across malware telemetry and agentic risk

Overview

This item-location skill appears non-malicious, but its broad Chinese triggers can accidentally save private item and location details from normal conversation.

Install only if you are comfortable with the agent storing item names, storage locations, categories, and expiry dates. Use it in a dedicated context or with explicit item-management phrasing, and review or delete stored records if ordinary conversation may have triggered unintended saves.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 92%
Finding
The README indicates that natural phrases like “xx 在 xx” are directly recorded and explicitly says no special prefix like “记住” is required. That makes the trigger surface broad enough to overlap with normal conversation, increasing the chance of unintended writes from incidental user speech or unrelated dialogue. In a state-changing item-management skill, accidental activation can corrupt stored inventory/location data and reduce trust in the system.

Vague Triggers

High
Confidence: 96%
Finding
The trigger list is excessively broad and contains common everyday Chinese words such as “在”, “放”, “哪里”, and “列出”, which can cause the skill to activate during ordinary conversation unrelated to item management. Because the skill has filesystem, memory, and llm dependencies and supports recording data from natural language, accidental activation could lead to unintended storage, retrieval, or processing of user information.

Vague Triggers

Medium
Confidence: 88%
Finding
The documentation says the skill can be used with direct natural speech and does not define clear activation boundaries, which increases the chance that unrelated conversational text is interpreted as commands. In a skill that stores remembered locations and expiration data, this ambiguity can cause unintended writes or misleading reads, even if no explicit malicious behavior is present.

Vague Triggers

High
Confidence: 94%
Finding
Claiming automatic recognition of the generic sentence form “物品 在 位置” without contextual narrowing is dangerous because this pattern appears frequently in normal language. In this skill’s context, that means many benign utterances could be misclassified as inventory updates, causing memory pollution, incorrect item locations, or accidental retention of sensitive personal information about possessions and storage habits.

VirusTotal

64/64 vendors flagged this skill as clean.
