ai-retrospective

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only retrospective skill, but it can review the full chat and automatically write reports or persistent memory without a clear approval step.

Install only if you are comfortable with the skill reviewing the full current conversation. Use an explicit invocation, avoid running it in sessions containing secrets or private data, and override the workflow to ask before saving reports or writing memory/config changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Vague Triggers

Medium
Confidence: 82%
Finding: The trigger phrase "review this session" is broad enough that it could be invoked during ordinary conversation rather than as an intentional command. In this skill's context, accidental activation can cause the assistant to analyze prior conversation history and potentially generate or save retrospective output unexpectedly, which is a real safety and privacy concern even without malicious intent.

Missing User Warnings

Medium
Confidence: 91%
Finding: The README advertises automatic report saving and knowledge persistence but does not prominently warn that these actions may write files or persist conversation-derived content. Because the skill analyzes full session history, this can lead to unintended storage of sensitive prompts, code details, decisions, or preferences, making the data-impacting behavior materially risky in this context.

Vague Triggers

Medium
Confidence: 84%
Finding: The trigger phrases include very generic terms like "review this session" and "retro", which can plausibly appear in ordinary conversation and unintentionally activate the skill. In this skill's context, activation causes broad conversation analysis and potentially downstream actions such as report generation and knowledge persistence, so accidental invocation can expose or process more context than the user intended.

Missing User Warnings

Medium
Confidence: 91%
Finding: The README states the skill will output a full report and also save it to a file automatically, but does not present a clear user-facing warning or consent step. Because the report is derived from the entire conversation, it may contain sensitive prompts, code, secrets, internal decisions, or personal data, and automatic persistence increases the risk of unintended retention or later exposure.

Vague Triggers

Medium
Confidence: 95%
Finding: The trigger phrase "回顾一下" is a common conversational request meaning roughly "review this" or "look back a bit," so it can activate the skill during ordinary dialogue rather than an intentional retrospective request. Because this skill can write files and perform persistence-related actions, accidental invocation increases the chance of unexpected analysis output or workspace modifications.

Vague Triggers

Medium
Confidence: 98%
Finding: The trigger "retro" is highly ambiguous and commonly used as shorthand in many contexts unrelated to this skill. That makes unintended activation plausible, which is risky here because the skill is designed to inspect the full conversation and may write retrospective artifacts to the workspace.

Vague Triggers

Medium
Confidence: 96%
Finding: The phrase "review this session" is broad enough to overlap with normal assistant interactions, especially in coding contexts where users may ask for a casual recap. In this skill, accidental activation is more dangerous than usual because the workflow includes comprehensive context analysis, mandatory full output, and possible file writes.

Missing User Warnings

Medium
Confidence: 97%
Finding: The skill explicitly instructs saving retrospective reports into the workspace, but it does not require prior user consent or a conspicuous warning that project files may be created or appended. This can lead to unexpected repository changes, clutter, or modification of tracked files during what appears to be a read-only analysis request.

Missing User Warnings

Medium
Confidence: 98%
Finding: Automatic knowledge persistence is more sensitive than ordinary file output because it can modify long-lived memory, project notes, or configuration that influences future assistant behavior. Without a clear warning and opt-in, the skill can silently alter persistent state, causing privacy issues, unwanted behavioral drift, or difficult-to-trace configuration changes across later sessions.

Natural-Language Policy Violations

Low
Confidence: 94%
Finding: The guidance explicitly suggests persisting global user preferences such as language choice (e.g., "Reply in Chinese") without mentioning user consent, retention limits, or review controls. Even though the example appears harmless, storing user preferences across sessions without explicit opt-in can create privacy and governance issues, especially if the system generalizes this pattern to other personal preferences.

Autonomous Decision Making

Medium
Category: Excessive Agency
Content (flagged excerpt from the skill's instructions):

    Dimensions with no findings are omitted entirely — don't output empty sections.
    -->

    ## Auto-Executed Actions

    {{AUTO_ACTIONS}}

Confidence: 79%
Finding: Auto-Execute

Autonomous Decision Making

Medium
Category: Excessive Agency
Content (flagged excerpt from the skill's instructions):

    {{AUTO_ACTIONS}}

    <!--
    List operations auto-executed during this retrospective:
    - [Knowledge] Persisted XXX to <location>
    If no auto-executed operations, write "None"
    -->

Confidence: 91%
Finding: auto-execute

VirusTotal

63/63 vendors flagged this skill as clean.