usewhisper-autohook

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it advertises, but it is built to automatically send and store full chat turns in an external memory service, with limited user control and little privacy guidance.

Install only if you intentionally want Whisper to receive, store, and reuse conversation history. Avoid enabling it for confidential, regulated, or user-private chats unless you add consent, redaction/minimization, opt-out, retention, and deletion controls. Keep proxy mode bound to localhost and avoid exposing it or using broad provider API keys.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 96%
Finding
The README explicitly instructs users to run hooks on every agent turn and names a pre-query and post-response flow, which implies automatic transmission of conversation data to an external service. Because there is no accompanying privacy notice, consent guidance, data minimization guidance, or retention/security disclosure, deployers may unknowingly exfiltrate sensitive user prompts and model responses on every interaction.

Missing User Warnings

Medium
Confidence: 94%
Finding
The examples show persistent identifiers such as user_id and session_id being sent alongside conversation content, enabling long-term linkage of user activity across turns. Without an explicit warning or guidance on pseudonymization, consent, and secure handling, this increases privacy risk and potential profiling impact if the external context service is compromised or misused.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill documentation explains that it makes outbound requests to the Whisper Context API, but it does not clearly warn users that full user prompts and assistant replies may be transmitted to and stored by an external memory service. In a memory-oriented skill, that omission is security-relevant because operators may unknowingly send sensitive conversations, credentials, or personal data off-platform.

Missing User Warnings

Medium
Confidence: 91%
Finding
The proxy-mode section focuses on token reduction and routing but does not prominently disclose that conversation content and user/session identifiers are forwarded through a local proxy to both the upstream model provider and the external memory API. That creates a meaningful privacy and compliance risk because users may assume the proxy is only a local optimization rather than a component that duplicates and relays sensitive data.

Ssd 3

Medium
Confidence: 96%
Finding
The provided system prompt explicitly tells the agent to always ingest the full user message and full final assistant reply into long-term memory. This is dangerous because it promotes indiscriminate retention of potentially sensitive, regulated, or secret data, and the instruction is framed as mandatory ('Always do this. Never skip.'), which removes opportunities for context-sensitive filtering.

VirusTotal

65/65 vendors flagged this skill as clean.
