ClawHub

Rejection Logger

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it broadly tells agents to save rejected prompts and reasoning into a persistent workspace file, which can expose private context.

Install only if you explicitly want durable rejection audit logs in each workspace. Review `.learnings/REJECTIONS.md` before committing or sharing a repository, avoid logging secrets, full prompts, unsafe requests, or internal reasoning, and prefer short sanitized summaries with user consent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description is broad enough to trigger during many normal agent behaviors, such as declining requests or choosing between approaches. That can cause the skill to activate far more often than intended and push the agent to record internal decision-making into repository files, increasing the chance of oversharing sensitive reasoning or creating unnecessary side effects.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The 'When to Use' section is ambiguous and encourages use for common situations like saying 'No' or choosing one tool over another, without boundaries. In practice, this can normalize logging rejected options and internal reasoning in ways that expose sensitive decision traces, safety logic, or private user context.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to append to `.learnings/REJECTIONS.md` without warning that this modifies local repository state. That creates an implicit write side effect, which can alter tracked files, leak sensitive content into the workspace, and be abused through repeated activations to pollute project data or commit unwanted audit artifacts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal