ClawHub

Contacts

Security checks across malware telemetry and agentic risk

Overview

This contacts skill is coherent, but it can automatically persist and reveal contact identifiers without clear user confirmation controls.

Install only if you are comfortable with the agent storing and reading local contact records, including messaging identifiers and communication preferences. Use it for explicit contact lookup or update tasks, review full contact output before sharing it, and require confirmation before creating or changing contact cards.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger conditions are broad enough to overlap with ordinary conversation about contacting people, which can cause the skill to activate when the user did not intend to query or modify the address book. In this skill, unintended activation is more concerning because it may lead to reading or writing contact records in agent memory without an explicit user confirmation step.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states that agents will automatically maintain contact records, but it does not clearly warn that user-provided data may be persisted to memory. Because the stored fields include identifiers like open_id, chat_id, and account_id, silent persistence can create privacy, consent, and data-governance risks if users do not realize this information is being retained.

Natural-Language Policy Violations

Medium
Confidence
78% confidence
Finding
Defaulting a contact's language preference to '中文' without clarifying that it is only an example can lead the agent to make unjustified assumptions about how a person should be addressed. In a communications skill, that can cause misrouting, inappropriate outreach style, or exclusionary behavior, though the security impact is limited compared with direct data-handling issues.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal