Erp Skill Research

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent as an OCD ERP coaching aid, but it asks agents to create scheduled shell commands and save sensitive therapy records in ways that deserve careful review.

Install only if you are comfortable with the agent creating and removing scheduled reminders and saving sensitive ERP records locally. Confirm every cron command before it runs, prefer removing only specific job IDs, avoid saving therapy notes to shared or synced Desktop folders, and treat Feishu reminders as disclosure of mental-health information to an external channel.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

High
Confidence: 93%
Finding
The skill embeds host-level command execution for notifications and audio playback (`osascript`, `notify-send`, `afplay`, `paplay`, `aplay`, `say`) inside a therapeutic workflow. Even if intended for reminders, this expands the skill from conversational guidance into OS automation, increasing the attack surface and creating opportunities for misuse, unexpected side effects, or privilege abuse on the host.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill instructs direct file writes to user-controlled locations on the desktop and periodic log appends, which is broader persistence than is necessary for a therapy coaching skill. This can expose sensitive mental-health data, overwrite existing files, or normalize host filesystem access that could later be repurposed for more harmful actions.

Context-Inappropriate Capability

High
Confidence: 95%
Finding
The skill includes a bulk deletion pattern that enumerates cron jobs and removes all entries matching `ERP`, which grants operational control over host scheduling beyond a single known job ID. Broad delete capabilities are dangerous because naming collisions, manipulated output, or overly broad matching could delete unrelated scheduled tasks and disrupt the user environment.

VirusTotal

VirusTotal findings are pending for this skill version.
