ClawHub

Call

Security checks across malware telemetry and agentic risk

Overview

This call-management skill is not malicious, but it can read sensitive local call history under broad activation wording that users should review before installing.

Install only if you are comfortable with an agent reading local call notes under memory/calls. Prefer using it with explicit requests like preparing for a named call, and review or clear stored call records if they contain sensitive business or personal information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares no permissions, but its documented behavior explicitly reads local files under `memory/calls/` and references multiple local data stores. That mismatch can bypass user or platform expectations about what the skill accesses, especially because call records and contacts are sensitive data. In this context, undeclared file-read capability is more dangerous because the skill is designed to aggregate conversation history, commitments, and contact intelligence from private local records.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation description is very broad—triggering on mentions of phone calls, meetings, conversations, commitments, or follow-ups—which could activate the skill during ordinary discussion rather than when the user explicitly wants call-management actions. That creates a risk of unnecessary processing or storage of sensitive conversational details, particularly problematic here because the skill handles private call notes and relationship history. The context increases risk because normal business chat often contains exactly the kinds of sensitive details this skill is designed to capture.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal