ClawHub

Nm Conserve Compression Strategy

Security checks across malware telemetry and agentic risk

Overview

This markdown-only skill gives coherent context-management advice, but users should be careful before clearing sessions or saving logs/session summaries to disk.

Install if you want advice for reducing overloaded AI sessions. Before following its recommendations, confirm any `/clear` or `/catchup` action, review what will be saved under `.claude/`, and redact secrets, tokens, customer data, internal hostnames, and personal information from logs before pasting or archiving them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases are broad enough to match ordinary conversation about slow or expensive sessions, which can cause the skill to activate in situations where the user did not explicitly request compression actions. In this skill, that matters because the recommended actions include state-altering commands like clearing context and writing archive/session files, so accidental invocation could disrupt work or cause unintended persistence of context data.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs actions that modify session state and write files, including saving state to `.claude/session-state.md`, archiving context, and running `/clear`, without an explicit warning that these operations can alter the current session or persist potentially sensitive information. This is dangerous because users may treat the skill as advisory while it recommends impactful operations that can erase active context, create stale recovery points, or store sensitive conversation content on disk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The module explicitly advises pasting logs into an AI session and focuses on byte/token reduction, but it does not warn users to review, redact, or minimize sensitive data before sharing. Logs commonly contain secrets, personal data, internal URLs, tokens, stack traces, and customer identifiers, so encouraging transfer into an LLM context without a privacy gate creates a realistic data-exposure risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal