
Security audit

Reflection Engine

Security checks across malware telemetry and agentic risk

Overview

This is a small, local analysis skill: it reads a knowledge graph file the user discloses to it and prints theme counts. Its one side effect worth weighing is an under-disclosed local log file.

Before installing or running it: inspect the target knowledge_graph.json, which may contain private memory content; edit the hard-coded paths to point at a location you control; and be aware that the script may create or open reflection.log even though the skill declares read-only permission.

SkillSpector
By NVIDIA

Vulnerability Patterns (categories scanned)
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium (93% confidence)

Finding
The skill description says it returns recurring themes, but the implementation only prints them to stdout and also initializes file-based logging. The mismatch matters because it misleads users and reviewers about how results are handled, and in agent environments stdout and log files are side channels: sensitive analysis results can land in unintended sinks instead of being returned through the expected interface.

Scope Creep

Severity: High (98% confidence)

Finding
The code configures logging to write to /home/albion/albion_memory/reflection.log even though the skill declares only read permission. This is a permission-boundary violation: the skill performs undeclared filesystem writes that can create, modify or append persistent data, which undermines the trust model of a read-only skill.
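The check a reviewer would want for the two findings above, and for the overview's advice to look at the hard-coded paths before running, is a static scan of the skill source against its declared permissions. The following is an added example for this audit page; it is not the Reflection Engine's code and not NVIDIA's SkillSpector. It assumes the skill is Python (the findings describe behaviour consistent with the standard logging module, but the page does not name the language), parses the source with the standard ast module, and flags file-backed logging, open() in a write mode, and print() calls that send results to stdout instead of returning them. Both skill sources inside the block are constructed to mirror the described behaviour and a corrected form, the audited script itself is not reproduced, and the manifest keys ('filesystem:read', 'filesystem:write') are an assumed format.

```python
"""Static side-effect check for an agent skill that declares read-only access.

Added example for the audit page; not the Reflection Engine's code or the
SkillSpector scanner. The skill sources below are constructed, not the
real script, and the manifest format is an assumption.
"""
import ast

# Constructed manifest: the skill declares read access only (assumed format).
MANIFEST = {"name": "reflection-engine", "permissions": ["filesystem:read"]}

# Constructed source mirroring the audited behaviour (not the real skill).
SKILL_SOURCE = '''
import json
import logging
from collections import Counter

GRAPH_PATH = "/home/albion/albion_memory/knowledge_graph.json"
LOG_PATH = "/home/albion/albion_memory/reflection.log"

logging.basicConfig(filename=LOG_PATH, level=logging.INFO)

def recurring_themes(top=5):
    with open(GRAPH_PATH) as f:
        graph = json.load(f)
    counts = Counter(t for node in graph["nodes"] for t in node.get("themes", []))
    for theme, n in counts.most_common(top):
        print(theme, n)
    logging.info("analysed %d nodes", len(graph["nodes"]))
'''

# Constructed corrected form: caller supplies the path, results are returned,
# and no log handler is installed (the host decides where logs go).
HARDENED_SOURCE = '''
import json
from collections import Counter

def recurring_themes(graph_path, top=5):
    with open(graph_path) as f:
        graph = json.load(f)
    counts = Counter(t for node in graph["nodes"] for t in node.get("themes", []))
    return dict(counts.most_common(top))
'''

WRITE_MODES = set("wax+")  # open() modes that create, truncate or append


def _is_call_to(call, dotted):
    """True if `call` invokes the dotted name, e.g. 'logging.basicConfig'."""
    parts = dotted.split(".")
    func = call.func
    for attr in reversed(parts[1:]):
        if not (isinstance(func, ast.Attribute) and func.attr == attr):
            return False
        func = func.value
    return isinstance(func, ast.Name) and func.id == parts[0]


def audit_side_effects(source, manifest):
    """Return sorted (line, description) pairs for: filesystem writes the
    manifest does not declare (file-backed logging, open() in a write mode)
    and print() calls that send results to stdout instead of returning them.
    Only these patterns are recognised; an empty result is not proof of absence."""
    writes_declared = "filesystem:write" in manifest.get("permissions", [])
    tree = ast.parse(source)
    # Module-level string constants, so a report can name the hard-coded path.
    consts = {
        t.id: n.value.value
        for n in tree.body
        if isinstance(n, ast.Assign) and isinstance(n.value, ast.Constant)
        and isinstance(n.value.value, str)
        for t in n.targets if isinstance(t, ast.Name)
    }

    def literal(expr):
        """Resolve a string literal or module-level constant name; None otherwise."""
        if isinstance(expr, ast.Constant) and isinstance(expr.value, str):
            return expr.value
        if isinstance(expr, ast.Name):
            return consts.get(expr.id)
        return None

    findings = []

    def write(lineno, what):
        if not writes_declared:
            findings.append((lineno, f"undeclared filesystem write: {what}"))

    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        if _is_call_to(node, "logging.basicConfig"):
            for kw in node.keywords:
                if kw.arg == "filename":
                    write(node.lineno, f"logging.basicConfig(filename={literal(kw.value)!r})")
        elif _is_call_to(node, "logging.FileHandler") and node.args:
            write(node.lineno, f"logging.FileHandler({literal(node.args[0])!r})")
        elif _is_call_to(node, "open") and node.args:
            mode_expr = node.args[1] if len(node.args) > 1 else next(
                (k.value for k in node.keywords if k.arg == "mode"), None)
            mode = "r" if mode_expr is None else literal(mode_expr)
            if mode is None or set(mode) & WRITE_MODES:  # unresolvable mode is flagged too
                write(node.lineno, f"open({literal(node.args[0])!r}, mode={mode!r})")
        elif _is_call_to(node, "print"):
            findings.append((node.lineno, "print(): results go to stdout instead of being returned"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, text in audit_side_effects(SKILL_SOURCE, MANIFEST):
        print(f"line {lineno}: {text}")
    print("hardened:", audit_side_effects(HARDENED_SOURCE, MANIFEST))
```

Run the file directly to see the report for the constructed source: the basicConfig call is reported with the resolved reflection.log path, and the print() inside the function is reported as the stdout side effect behind the first finding; the corrected form produces no report. A clean result only means none of the listed patterns appeared, so it complements, rather than replaces, reading knowledge_graph.json and the hard-coded paths by hand before running the skill.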

Missing User Warnings

Severity: Medium (89% confidence)

Finding
The skill reads and analyzes a knowledge graph that may contain highly sensitive personal or behavioral data ('inner life', dreams, recurring themes) without any visible disclosure, consent flow, or data minimization. In this skill's context the issue is more serious because the targeted data is intimate by design, and derived theme extraction can reveal private mental patterns even when the raw records are never exfiltrated.

VirusTotal

67/67 vendors report this skill as clean.
