Npc Distill Main

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built rather than malicious, but it creates durable local profiles from sensitive workplace communications and has retention/scoping gaps users should review carefully.

Install only if you are comfortable storing persona evidence and rehearsal notes locally in plaintext. Avoid feeding confidential, regulated, or third-party personal data without authorization; review every diff before writing; keep memory files out of shared folders/repos; and delete the full memory file plus backups/archives when you no longer need the profile.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence: 88%
Finding
The spec makes a strong privacy guarantee that real names must never appear, but its retention and archival guidance can preserve prior raw content in deleted-comment blocks and archives. In a skill explicitly designed to ingest sensitive workplace communications and build local persona profiles, retaining historical verbatim content creates a realistic path for personal identifiers to persist indefinitely despite the anonymization promise.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The workflow directs the agent to read from a shared `memory.md` while the skill metadata and earlier steps imply persona-specific storage in `memory-{npc_id}.md`. That inconsistency can cause cross-persona data mixing or retrieval of unrelated private material, which is especially risky because the stored content includes sensitive communications, meeting notes, and behavioral profiles.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
Saving rehearsal session records into shared `memory.md` conflicts with the earlier persona-scoped design and creates a path for sensitive rehearsal content to be written into a broader store. That can expose one user's or one persona's materials to later prompts, analyses, or simulations involving different personas, defeating the stated privacy boundary.
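The three findings above (raw content surviving in deleted-comment blocks, and the spec naming both a shared `memory.md` and a persona-scoped `memory-{npc_id}.md`) are the kind of thing a reviewer can check mechanically before installing. The script below is an added example written for this page; it is not SkillSpector's scanner logic and not code from the skill. It assumes the spec is plain Markdown, that deleted content is kept in HTML comment blocks (the page does not state the exact format, so that is an assumption), and it runs on constructed sample text that stands in for the real SKILL.md and memory file.

```python
import re
from collections import Counter

# Constructed sample of a skill spec, standing in for the skill's SKILL.md.
# Only the two store paths named in the findings are taken from the page;
# the surrounding wording is invented for the example.
SAMPLE_SKILL_MD = """\
## Storage
Persona evidence is written to memory-{npc_id}.md next to the skill.

## Workflow
1. Read the current profile from memory.md before answering.
2. After a rehearsal, append the session record to memory.md.
3. Never write a real name; use the persona label only.
"""

# Constructed memory file: an anonymized profile plus an HTML comment that
# still carries the verbatim source message (the retention gap in finding 1).
SAMPLE_MEMORY_MD = """\
# Persona: NPC-7
- prefers short status updates
<!-- deleted 2024-05-02: "Hi Jane, can you resend the Q3 numbers? - Tom" -->
- dislikes surprises in meetings
"""

# Matches the shared store `memory.md` and any templated per-persona store
# such as `memory-{npc_id}.md`.
MEMORY_REF = re.compile(r"\bmemory(?:-\{[a-z_]+\})?\.md\b")
# Assumed convention for "deleted-comment blocks": HTML comments.
COMMENT_BLOCK = re.compile(r"<!--(.*?)-->", re.DOTALL)


def memory_store_refs(skill_md: str) -> Counter:
    """Count each distinct memory-file path the spec refers to."""
    return Counter(MEMORY_REF.findall(skill_md))


def store_mismatches(skill_md: str) -> list[str]:
    """Flag a spec that names more than one memory store (findings 2 and 3)."""
    refs = memory_store_refs(skill_md)
    if len(refs) <= 1:
        return []
    listing = ", ".join(f"{path} x{count}" for path, count in sorted(refs.items()))
    return [f"spec references {len(refs)} distinct memory stores: {listing}"]


def retained_comment_blocks(memory_md: str) -> list[str]:
    """Return the body of every comment block: hidden, retained raw content (finding 1)."""
    return [m.group(1).strip() for m in COMMENT_BLOCK.finditer(memory_md)]


def scrubbed_memory(memory_md: str) -> str:
    """Drop comment blocks so only the visible, anonymized profile remains."""
    return COMMENT_BLOCK.sub("", memory_md)


def audit(skill_md: str, memory_md: str) -> list[str]:
    """Run both checks and return one line per issue found."""
    issues = store_mismatches(skill_md)
    for block in retained_comment_blocks(memory_md):
        issues.append(f"memory file retains hidden raw content: {block[:60]}")
    return issues


if __name__ == "__main__":
    for issue in audit(SAMPLE_SKILL_MD, SAMPLE_MEMORY_MD):
        print("ISSUE:", issue)
```

Run it against the real SKILL.md and each `memory*.md` in the skill directory; a non-empty `store_mismatches` result means the spec can read or write outside the persona boundary it promises, and any hit from `retained_comment_blocks` is verbatim text the anonymization rule never applied to. `scrubbed_memory` is what the file should look like once the hidden blocks are purged; check backups and archives the same way, since the first finding says those can keep the raw content too.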

Vague Triggers

Medium
Confidence: 87%
Finding
The activation conditions are broad and include common phrases like practicing reports, drafting in someone's style, or discussing a person's preferences. In this skill's context, accidental activation is more dangerous because it can cause ingestion and long-term storage of sensitive third-party communications and persona modeling without a clear, deliberate opt-in.

Missing User Warnings

High
Confidence: 95%
Finding
The skill is designed to collect pasted messages, emails, chats, meeting notes, annotations, and fetched URL content into a local memory file, yet it does not prominently warn users that this content will be stored. In this context, the missing warning is significant because the data is likely to contain confidential business communications and third-party personal information, creating privacy, compliance, and retention risks.

Missing User Warnings

Medium
Confidence: 93%
Finding
This workflow instructs the agent to fetch arbitrary user-supplied URLs, extract person-related content, and persist both content and source metadata locally, but it does not require a clear user-facing consent/privacy warning before transmission or storage. In this skill’s context, the data is specifically about identifiable individuals and may include internal knowledge-base pages or sensitive workplace communications, which increases the likelihood of processing personal or confidential information without adequate notice.

Ssd 3

Medium
Confidence: 90%
Finding
The workflow encourages retaining user-provided rehearsal details, generated questions, and later real-world outcomes for future reuse, which creates a durable store of potentially sensitive business strategy, internal reporting content, and interpersonal assessments. Even if storage is local, long-term retention increases the chance of later unintended disclosure, over-collection, or reuse beyond the user's original expectation.

VirusTotal

VirusTotal findings are pending for this skill version.