ClawHub

Meme Analyst

Security checks across malware telemetry and agentic risk

Overview

This is not malicious, but it should be reviewed because it can automatically ingest Telegram media and persist channel/user explanations without clear consent or retention limits.

Install only if you intend to use the Telegram ingestion and memory features. Limit it to approved public or authorized channels, avoid private screenshots unless you are comfortable with text being searched externally, and configure the agent to ask before saving user explanations or long-term channel profiles.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill is presented as a meme explanation tool, but it also performs ongoing Telegram channel ingestion, media downloading, state tracking, and report generation. That scope expansion materially changes its data access and persistence profile, creating a hidden surveillance/data-collection capability that users and operators may not expect from the declared purpose.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
Maintaining persistent channel profiles, IDs, themes, irony baselines, and processing state is not strictly necessary for basic meme explanation and increases long-term data retention risk. If abused or misconfigured, this memory can be used to profile channels and accumulate sensitive contextual information over time.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation criteria are broad enough to activate on ordinary images, screenshots, jokes, and meme-like content, which can cause the skill to run in many contexts beyond its intended niche. In this skill, over-broad triggering is more dangerous because activation may lead to web searches, memory access, and persistent storage, expanding unnecessary handling of user content.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to store user explanations in a knowledge base without notifying the user or obtaining consent. User explanations may contain personal opinions, sensitive context, or identifiers, so silent retention creates privacy and trust risks.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The cron workflow fetches and downloads Telegram media, then analyzes and summarizes it, but provides no privacy, provenance, or handling constraints. Automated collection of channel content at scale increases the risk of processing private, copyrighted, or sensitive material without adequate governance.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill explicitly directs persistent collection of user-provided explanations into long-term memory. That creates an unnecessary data retention channel for conversational content, which may later be reused out of context or expose user information if the memory store is accessed improperly.

Ssd 3

Medium
Confidence
95% confidence
Finding
Interactive mode says that when a user explains a meme, the agent should thank them and store the explanation automatically. Default persistence in a user-facing chat context is risky because users are unlikely to expect their replies to become durable knowledge-base entries.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal