Epistemic Guide

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is mostly coherent, but it tells the assistant to save sensitive belief discussions and emotional context, including silently after a user declines to continue.

Review this before installing if you expect private discussions about politics, religion, health, conspiracies, or personal beliefs. The safest setup is to disable or override the memory instructions so claim stacks, emotional state, and belief histories are never saved unless you explicitly ask for that specific note to be stored. External checks appear consent-based, but you should still confirm what tools your agent can call and what data those tools send.

SkillSpector

By NVIDIA
Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The skill's success/failure criteria conflict with its earlier transparency requirements by labeling announced verification as a failure, even though the workflow elsewhere requires informing the user before using external tools. Contradictory instructions can cause an agent to suppress disclosure or behave inconsistently around external tool use, undermining informed consent and creating privacy/compliance risk.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The skill says it respects user autonomy and privacy, but also instructs the assistant to save discussion state silently even when the user declines continuation or scheduling. Persisting sensitive belief content after a refusal defeats user expectations, creates covert retention of sensitive data, and may violate consent and data-minimization principles.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The guidance instructs storing belief discussions and the user's emotional state, which exceeds what is necessary for a Socratic-questioning assistant. Collecting and persisting this type of sensitive profiling data increases privacy risk, creates opportunities for manipulation or chilling effects, and expands the blast radius of any memory leakage or misuse.

Ssd 3

Medium
Confidence: 94%
Finding
The skill encourages storing and resurfacing users' belief histories across conversations, which can create long-lived sensitive profiles about religion, politics, and misinformation-related discussions. Even if intended for continuity, this persistence materially raises privacy risk and can surprise users when prior beliefs are brought back later.

Ssd 3

Medium
Confidence: 97%
Finding
Persisting the user's emotional state and postponed discussion details is sensitive behavioral profiling. This information can be misused to influence future interactions, and retaining it without strict consent and minimization increases both privacy harm and compliance exposure.

Ssd 3

Medium
Confidence: 93%
Finding
Recording examined beliefs, conclusions, and updated understanding creates a durable dossier of the user's viewpoints and how they changed over time. In a skill focused on sensitive topics, that level of persistence is not necessary for core functionality and increases the consequences of unauthorized access, secondary use, or unexpected resurfacing.

VirusTotal

51/51 vendors flagged this skill as clean.