Personal API

Security checks across malware telemetry and agentic risk

Overview

This skill transparently scaffolds an Obsidian vault for AI-readable personal context and does not show hidden network, credential, destructive, or background behavior.

Install only into the intended Obsidian vault: check OBSIDIAN_VAULT_PATH before running setup.sh, and use --minimal if you do not want the 30.knowledge structure. Treat a filled-in ME.md and AGENT.md as private, because they are designed to hold personal identity, preferences, and working context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding:
The skill directs the agent to read files, use environment variables, and execute shell commands, but it does not declare any permissions or capability boundaries in the skill file. This creates a transparency and consent gap: an agent or user may invoke a skill that performs filesystem and shell operations without a clear, machine-readable statement of required privileges and risks.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The installation workflow instructs the agent to run a setup script that writes files and scaffolds directories inside a user-supplied vault, but the skill text does not prominently require an explicit confirmation before making those filesystem changes. In an agentic context, this can lead to unintended modification of user data, especially if the vault path is wrong, points to a sensitive directory, or the user did not understand that running the script is destructive or state-changing.

Vague Triggers

Severity: Low
Confidence: 91%
Finding:
This template defines broad assistant behavior and explicitly tells the AI to scan and follow AGENT.md and ME.md at the start of each conversation, but it does not specify clear activation boundaries, precedence rules, or safety limits. In a skill that turns a personal vault into an AI-readable identity layer, this increases the chance that untrusted or user-editable vault content can steer agent behavior beyond the intended task scope.

VirusTotal

60/60 vendors flagged this skill as clean.