Synapse Wiki

Security checks across malware telemetry and agentic risk

Overview

This skill coherently manages a local wiki. Its main risk is the expected persistent local writing that occurs when users initialize, ingest, query, or enable integrations.

Install only if you want a local persistent wiki that writes summaries, indexes, logs, and query outputs under paths you choose. Use a dedicated wiki folder, avoid placing secrets in raw materials, review generated pages before sharing them, and enable synapse-code/wiki auto logging only for projects where persistent documentation of technical decisions is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises and instructs shell execution plus read/write operations over user-specified wiki paths, but it does not declare permissions or boundaries for those capabilities. This is dangerous because an agent may perform filesystem and shell actions without explicit consent framing, increasing the risk of unintended writes, path misuse, or execution in sensitive directories.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The release notes advertise cross-session state persistence via `state.json` but do not warn users that conversation/task data may be retained on disk. In an agent skill context, persisted state can contain sensitive project details, prompts, paths, or credentials, so lack of disclosure and retention guidance creates a real privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The notes describe automatic wiki interoperability that triggers knowledge deposition after pipeline completion, but they do not warn that project data may be copied or propagated automatically. In a knowledge-management skill, silent automatic writes can expose proprietary code, internal docs, or sensitive task outputs to a broader persistent store than the user expects.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The sample configuration sets `wiki_enabled: true`, normalizing automatic data sharing/writes without any adjacent warning about privacy, data flow, or review controls. Because this skill is specifically designed for knowledge ingestion and persistent accumulation, enabling interop by default materially increases the chance that sensitive project artifacts are stored or propagated unintentionally.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger conditions are very broad: references to wiki, knowledge base, ingesting materials, querying knowledge, or organizing documents are common in normal conversation. Overbroad routing can cause the skill to activate unexpectedly and run write-capable workflows in contexts where the user did not intend to modify a knowledge store.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The description emphasizes automatic ingestion, incremental compilation, and persistent knowledge construction, but it does not warn that these actions write to the filesystem. Users may interpret this as a purely analytical feature and unintentionally authorize modifications to local directories and documents.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The interop section describes automatic ingestion after another pipeline completes, writing technical decisions, bug fixes, and API changes into a project wiki without any warning, gating, or approval step. Automatic cross-skill writes are more dangerous than manual use because they can silently persist sensitive project information or alter documentation as a side effect of unrelated workflows.

VirusTotal

67/67 vendors flagged this skill as clean.
