Algernon Debate

Security checks across malware telemetry and agentic risk

Overview

This debate skill is understandable, but it can store or export debate notes to Notion and local logs without clear user approval.

Install only if you are comfortable with this skill reading a local study database and saving debate summaries. Before use, remove or edit the Notion and memory sections unless you explicitly want them, verify the Notion account and page, and require a preview before anything is appended or logged.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The skill’s stated purpose is to run an interactive debate, but it also defines direct access to a local SQLite database and an external CLI for Notion. This expands the skill’s capabilities beyond what a user would reasonably expect, increasing the risk of unintended data access or exfiltration if the skill is invoked in normal use.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The skill instructs the agent to publish debate content to Notion and append session details to a conversation log, even though the manifest presents this as a debate experience rather than a persistence workflow. That mismatch creates a privacy and data-handling vulnerability because user inputs, synthesized conclusions, and perceived argument gaps may be stored or transmitted without informed consent.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
External publishing to Notion is not necessary to fulfill the core function of facilitating a technical debate. Adding outbound content transfer creates a clear exfiltration path for user-provided arguments and synthesized evaluations, especially because the content may include sensitive project, architecture, or interview-preparation details.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill persists user debate content to Notion and local logs without any warning in the manifest or runtime flow that their inputs will be stored. This undermines informed consent and can expose sensitive opinions, design discussions, or proprietary technical details entered during the debate.

Ssd 3

Medium
Confidence: 94%
Finding
The instructions explicitly call for logging the topic and gaps in the user’s arguments in plain language, which can create durable records of sensitive weaknesses, opinions, or proprietary reasoning. Plain-language logs are easy to read, search, and repurpose, making accidental disclosure or misuse more likely.

VirusTotal

66/66 vendors flagged this skill as clean.
