Agent Migration Pack

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate agent-migration toolkit, but it packages highly sensitive owner, memory, business, and relationship data, and its export and sharing guidance is under-scoped for data of that sensitivity.

Install only if you are comfortable handling this as a sensitive-data export tool. Before generating or sharing a pack, remove secrets, redact private owner details, avoid including third-party contact or profiling data without consent, use local JSON validation rather than online validators, and inspect generated zip contents before sending them anywhere.
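The pre-share checks above (validate JSON locally, look for secrets and private contact data, list what the zip actually contains) can be run in one pass before a pack leaves the machine. The following is an added example written for this page, not code from the Agent Migration Pack toolkit; it assumes the pack is a zip holding JSON files plus Markdown files such as SOUL.md, USER.md and MEMORY.md (names taken from the findings below), and the secret and PII patterns it matches are illustrative rather than exhaustive.

```python
"""Pre-share inspection of an agent migration pack (zip).

Added example, not part of the Agent Migration Pack toolkit. Assumes the pack
is a zip of JSON files plus Markdown files such as SOUL.md, USER.md and
MEMORY.md. The patterns below are illustrative; extend them for your own
credential formats and identifiers.
"""
import io
import json
import re
import zipfile

# Content a pack should never carry out of the owner's environment.
# Constructed for this example, not a complete secret-detection ruleset.
SENSITIVE_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+[a-z0-9._-]{20,}"),
    "generic_secret": re.compile(r"(?i)\b(?:api[_-]?key|secret|password|token)\b\s*[:=]\s*\S+"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}


def validate_json_locally(data: bytes):
    """Parse JSON in-process so nothing is uploaded. Returns (ok, error_message)."""
    try:
        json.loads(data.decode("utf-8"))
        return True, ""
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        return False, str(exc)


def scan_text(name: str, text: str):
    """One finding per pattern hit; records the line, never the matched value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for label, pattern in SENSITIVE_PATTERNS.items():
            if pattern.search(line):
                findings.append({"file": name, "line": lineno, "kind": label})
    return findings


def inspect_pack(zip_bytes: bytes):
    """List every member, validate each .json locally, flag sensitive content."""
    report = {"members": [], "invalid_json": {}, "findings": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            report["members"].append(info.filename)
            if info.is_dir():
                continue
            data = zf.read(info)
            if info.filename.lower().endswith(".json"):
                ok, err = validate_json_locally(data)
                if not ok:
                    report["invalid_json"][info.filename] = err
            try:
                text = data.decode("utf-8")
            except UnicodeDecodeError:
                continue  # binary member; nothing to pattern-match
            report["findings"].extend(scan_text(info.filename, text))
    return report


def safe_to_share(report):
    """Policy gate: no malformed JSON and no sensitive hits before sharing."""
    return not report["invalid_json"] and not report["findings"]


def build_sample_pack():
    """Constructed sample pack with one planted secret, one contact address
    and one malformed JSON file, so the checks have something to catch."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("SOUL.md", "# Soul\nHelpful, concise.\n")
        zf.writestr("USER.md", "Owner timezone: UTC+8\nContact: owner@example.com\n")
        zf.writestr("MEMORY.md", "Deploy notes\nAWS_KEY=AKIAABCDEFGHIJKLMNOP\n")
        zf.writestr("identity.json", json.dumps({"name": "agent", "version": 1}))
        zf.writestr("relations.json", "{\"peers\": [}")  # malformed on purpose
    return buf.getvalue()


if __name__ == "__main__":
    rep = inspect_pack(build_sample_pack())
    print(json.dumps(rep, indent=2))
    print("safe to share:", safe_to_share(rep))
```

Run against a real pack by passing the zip's bytes to `inspect_pack`; the report lists every member so the zip contents are reviewed before sending, and `safe_to_share` refuses anything with a flagged line or a JSON file that does not parse. Findings record file and line number only, so the report itself does not become a second copy of the secret.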

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
This section expands the template from migration/state transfer into social-network growth, candidate tracking, and outreach planning. Collecting pending-candidate profiles, social-learning topics, and expansion plans creates a broader dossier of third parties that is unnecessary for core migration and increases privacy, profiling, and misuse risk if the pack is shared or exfiltrated.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The template stores identifiable third-party relationship intelligence including usernames, nicknames, email addresses, trust levels, communication summaries, personality traits, and collaboration history. In a migration pack context, this is dangerous because it packages sensitive third-party data for transfer, potentially without consent, enabling privacy violations, social engineering, or unauthorized relationship mapping.

Vague Triggers

Low
Confidence: 83%
Finding
This file contains sensitive relationship metadata, including trust levels, contact details, communication history, and social profiling, but it does not define any access controls, trigger conditions, or usage boundaries for when the dataset may be loaded or exposed. In an agent migration pack, that omission increases the risk that downstream agents or users will ingest and disclose sensitive social data outside the intended context.

Missing User Warnings

Medium
Confidence: 97%
Finding
The guide explicitly recommends copying JSON files into third-party online validators, while the same package is designed to contain sensitive and private data such as owner details, memory, contacts, schedules, and business information. Even though the document mentions redaction elsewhere, this section lacks a strong privacy warning or a safer default, so users may unintentionally upload highly sensitive agent and user data to external services, causing data leakage and secondary compromise.

Missing User Warnings

Medium
Confidence: 95%
Finding
This skill is explicitly designed to migrate and share identity, memory, session state, relations, skills, style, and owner boundary data, yet the description provides no warning that these artifacts may contain secrets, private conversations, personal information, or privileged configuration. In this context, omission of a sensitivity warning makes accidental disclosure substantially more likely because the core workflow encourages export and sharing of the most sensitive parts of an agent.

Vague Triggers

Medium
Confidence: 90%
Finding
The template explicitly instructs populating memory from broad sources such as conversation history, Feishu/email, and AgentLink without defining consent, minimization, or task-based scope boundaries. In a migration/export skill handling 'sensitive' memory, this can cause over-collection and propagation of private business, social, and contact data into transferable agent state, increasing privacy, confidentiality, and cross-context leakage risk.

Vague Triggers

Medium
Confidence: 84%
Finding
The template defines a very broad social-record scope such as relationship depth, learned information, and collaboration outcomes, while exclusions are limited and do not clearly bind collection to a necessity standard. This ambiguity encourages overcollection of sensitive interpersonal data and makes it easy for operators or downstream tools to export more than users or third parties reasonably expect.

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding
The template is entirely written for Chinese-language interaction and presents communication style fields only in Chinese, without indicating whether the language is configurable or constrained by product requirements. In a migration/share pack, this can cause portability and accessibility issues by implicitly forcing downstream agents or users into a single locale, which may exclude users, distort transferred behavior, or lead to unsafe misunderstandings when critical guidance is interpreted in the wrong language.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script automatically reads local files such as SOUL.md, USER.md, MEMORY.md, and enumerates skills directories, then writes their contents and metadata into a migration package without an explicit consent gate or strong warning about sensitive-data export. In the context of an agent migration tool, this increases the risk of unintentionally packaging private memory, user information, or internal skill inventory and then sharing or uploading it elsewhere.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal