Security audit

Biweekly Work Report

Security checks across malware telemetry and agentic risk

Overview

This skill is a local work-log and report generator whose file writes are disclosed and aligned with its purpose, though users should know it stores ongoing work history locally.

Install only if you are comfortable with the agent keeping local Markdown records of your work under `~/.workbuddy/work-logs/` and writing report files into your workspace. Review those logs periodically, delete entries you do not want retained, and be aware that the skill's broad trigger phrases mean casual Chinese wording for recording something may start logging.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Severity: Medium
Confidence: 92%
Finding: The trigger description uses broad phrases and explicitly says it should activate on "any variation," which can cause the skill to run when the user did not intend to create or modify files. Because this skill performs filesystem reads and writes, accidental invocation has real side effects, such as creating logs or generating report files unexpectedly.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding: The trigger table contains generic phrases like "记录" and "记录一下" without scope constraints, making unintended activation likely during ordinary conversation. In this skill, unintended activation is more dangerous because activation can immediately lead to persistence in `~/.workbuddy/work-logs/` or report generation in the workspace.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The skill instructs the agent to read or create files under the user's home directory without requiring a user-facing warning or explicit consent at the moment of modification. That creates a transparency and consent problem: a user may trigger the skill conversationally and not realize local files are being created or appended to persistently.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding: The skill writes a generated report into the current workspace by default without a strong caution about destination, collisions, or overwrite behavior. While the default filename reduces some risk, writing into the workspace can still surprise users, create clutter, or overwrite an existing file if naming overlaps or user-specified paths are unsafe.

Session Persistence

Severity: Medium
Category: Rogue Agent
Content (excerpt from the skill's instructions):

Use `YYYY-MM-DD` format in Asia/Shanghai timezone.

### Step 2: Read or create daily file

Read `~/.workbuddy/work-logs/YYYY-MM-DD.md`. If it doesn't exist, create it
with this template:

Confidence: 90%
Finding: create daily file Read `~/.workbuddy

Session Persistence

Severity: Medium
Category: Rogue Agent
Content (excerpt from the skill's instructions):

| `【其他】` | Miscellaneous |

**Rules:**
- Always **append**, never overwrite existing entries.
- Use the time the user provides, or current time if not stated.
- One entry per distinct activity. Split compound descriptions.
- Descriptions in Chinese, one sentence. Keep it concise.

Confidence: 88%
Finding: write existing entries. - Use the time the user provides, or current time if not stated. - One entry per distinct activity. Split compound descriptions. - Descriptions in Chinese, one sentence. Keep i

VirusTotal

61/61 vendors flagged this skill as clean.