好运莲莲

Security checks across malware telemetry and agentic risk

Overview

This is a local personal bookkeeping, memo, reminder, and spending-insight skill whose sensitive local storage and scheduled reminders are disclosed and fit its purpose.

Install only if you are comfortable storing finance records, notes, and reminder metadata locally in the Hermes data directory. Avoid saving secrets, review vague update/delete requests such as 'last' before confirming, and periodically review or disable cron reminders and digest subscriptions you no longer need.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding
The skill explicitly instructs the agent to read environment variables (`HERMES_HOME`) and perform local file reads/writes under `HERMES_HOME/data/private-assistant/`, but no corresponding permissions are declared. This creates a capability/permission mismatch that can bypass least-privilege review, making sensitive personal bookkeeping, memo, and reminder data accessible or modifiable without transparent authorization boundaries.

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The template hard-codes Chinese output and formatting constraints for all responses without any indication that the user opted into that language. In a personal assistant skill, this can override user preferences, reduce accessibility, and cause the agent to respond in an unexpected language, which may lead to misunderstanding of financial summaries, reminders, or journaling content.

VirusTotal

38/38 vendors flagged this skill as clean.
