ClawHub

Session Context Bridge

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only local session-notes skill whose main risk is accidental persistence of sensitive project details, not hidden execution or exfiltration.

Install only if you want project-local session notes. Do not store passwords, tokens, private keys, raw `.env` contents, connection strings, internal URLs, or detailed credential setup in `.context/`; add `.context/` to `.gitignore` unless you intentionally want it versioned, and review restored notes before acting on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly instructs users to persist detailed project context, including environment state and credential-related setup details, into `.context` files without any privacy guardrails, redaction guidance, or storage restrictions. This creates a realistic risk of sensitive information being written to disk, archived over time, and later exposed through repository inclusion, backups, shared workspaces, or other tools that ingest project files.

Ssd 3

Medium
Confidence
95% confidence
Finding
The opening description frames cross-session persistence of environment details and credential setup as a normal and desirable behavior. Because session-bridging skills are specifically designed to retain and reload prior state, this context makes the pattern more dangerous: sensitive operational details can be repeatedly propagated into future sessions and surfaced to other tools or users long after they were needed.

Ssd 3

Medium
Confidence
97% confidence
Finding
The example and template concretely normalize recording items like `DATABASE_URL in .env`, runtime versions, active services, and other environment details in persistent markdown files. Even when the example avoids printing the secret itself, it trains users to capture credential-adjacent and infrastructure metadata that can aid lateral movement, targeted phishing, environment fingerprinting, or accidental disclosure when these files are shared.

Ssd 3

Medium
Confidence
94% confidence
Finding
The save workflow instructs users to write fully populated context files, archive them, and verify the contents, but it provides no step to review, scrub, or exclude sensitive information before persistence. Archiving increases exposure by creating a historical record of potentially sensitive operational context, making accidental retention and later leakage more likely.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal