ClawHub

Adhd Assistant Repo

Security checks across malware telemetry and agentic risk

Overview

This is a coherent ADHD-focused productivity assistant, but users should be careful about letting it remember health-adjacent details.

Install only if you want ADHD-framed productivity support and are comfortable with memory-based personalization. Avoid saving diagnosis, medication, therapy, or crisis details unless you know how SkillBoss memory can be reviewed and deleted, and confirm target files before allowing plans or summaries to be written.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The activation criteria are broad enough to trigger on generic productivity, overwhelm, or planning requests, not just ADHD-specific scenarios. In a mental-health-adjacent skill, this increases the chance that users are funneled into ADHD-framed guidance or memory/scheduling behaviors without clear consent, which can lead to inappropriate handling of sensitive context or misclassification of normal productivity issues as ADHD-related.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly proposes storing sensitive mental-health-related information such as ADHD status, treatment context, emotional sensitivities, and behavioral patterns in memory, but does not require clear user notice, granular consent, or data-minimization limits. This creates privacy and safety risk because sensitive health-adjacent data could be retained unnecessarily, exposed to other tools or workflows, or used in ways the user did not reasonably expect.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal