Pocket AI Integration

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Pocket AI integration, but it needs review because it gives an agent broad access to sensitive recordings while under-disclosing cloud data flow and sharing controls.

Install only if you want the agent to access your Pocket AI recording corpus and you trust the Pocket AI cloud service with those searches and results. Treat outputs as highly sensitive, require explicit approval before sharing them to channels or other tools, avoid heartbeat automation unless deliberately enabled, and keep the API key protected and revocable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The README makes mutually inconsistent privacy claims: it says no data leaves the user's infrastructure while also stating Pocket AI stores data on US servers. This can mislead users about where sensitive recordings and transcripts are processed or retained, creating compliance, consent, and trust risks for highly sensitive meeting data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill is designed to ingest highly sensitive conversations, transcripts, speaker identities, and inferred personal context, yet the README lacks clear warnings about consent, recording laws, privileged material, and workplace privacy obligations. In this context, omission is dangerous because users may deploy it on attorney, executive, or employee conversations without understanding legal and ethical constraints.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The instructions tell users to persist an API key in a local file, but do not warn about protecting the credential from shell history, backups, shared machines, or accidental inclusion in workspace files. While chmod 600 helps, the README still normalizes long-lived secret storage without operational guidance.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill encourages querying and retrieving highly sensitive meeting recordings, transcripts, action items, and inferred personal/business context from a remote API, but it does not place an explicit, prominent warning before these workflows about the privacy and data-handling consequences. Because the content includes broad semantic search across all conversations and exposes dynamicContext and relevantMemories, an agent using this skill could surface or retransmit deeply sensitive information without meaningful user awareness or consent gating.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The examples explicitly query and retrieve highly sensitive personal, business, and behavioral data such as mental state, priorities, conversations, and action items from a remote service, but provide no privacy notice, consent guidance, or data-handling warning. In a skill/example file, this normalizes sending sensitive profile data off-device and could lead users to expose confidential information without understanding the sharing implications.

External Transmission

Medium
Category
Data Exfiltration
Content
### 1. What action items do I have?
```bash
API_KEY=$(cat ~/.config/pocket-ai/api_key)
curl -s -X POST -H "Authorization: Bearer $API_KEY" -H "Content-Type: application/json" \
  -d '{"query": "action items tasks todo follow up"}' \
  "https://public.heypocketai.com/api/v1/public/search" | \
  python3 -c "import sys,json; d=json.load(sys.stdin); [print(f'• {l.split(\"Action item:\")[1].strip()}') for m in d.get('data',{}).get('relevantMemories',[]) for l in m.get('content','').split('\n') if 'Action item:' in l]"
```
Confidence
91% confidence

External Transmission

Medium
Category
Data Exfiltration
Content
### 2. What did I discuss about your company?
```bash
curl -s -X POST -H "Authorization: Bearer $API_KEY" -H "Content-Type: application/json" \
  -d '{"query": "your company manufacturing team decisions"}' \
  "https://public.heypocketai.com/api/v1/public/search"
```
Confidence
93% confidence

External Transmission

Medium
Category
Data Exfiltration
Content
### 4. Find conversations with a specific person
```bash
curl -s -X POST -H "Authorization: Bearer $API_KEY" -H "Content-Type: application/json" \
  -d '{"query": "conversations with Dylan Acquisition.com"}' \
  "https://public.heypocketai.com/api/v1/public/search"
```
Confidence
92% confidence

VirusTotal

64/64 vendors flagged this skill as clean.