Personal Tutor

Security checks across malware telemetry and agentic risk

Overview

This tutoring skill is mostly coherent, but it asks the agent to modify its own persistent rule files and can run local link-checking scripts, so it should be reviewed before installation.

Install only if you are comfortable with it writing local learning files and knowledge-base notes. Before use, restrict it to specific learning and notes folders, require confirmation before any write or script run, and do not allow it to edit SOUL.md, TOOLS.md, MEMORY.md, or other persistent agent rule files unless you explicitly review that change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 99%
Finding: The skill explicitly instructs the agent to modify its own rule files (e.g., SOUL.md, TOOLS.md). A tutoring/archive skill has no legitimate need to alter the agent's core behavior or persistent operating rules, and doing so creates a path for privilege expansion or persistence beyond the user's requested task.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding: The knowledge-base workflow authorizes running a link-checking script after updates. Even if framed as maintenance, this introduces unnecessary code/script execution capability into a tutoring skill, which increases attack surface and could be abused if the script path or environment is compromised.

Missing User Warnings

Medium
Confidence: 86%
Finding: The README explicitly advertises commands that cause the agent to create and update files, configuration, memory, and knowledge-base content, but it does not warn users that local data will be modified or emphasize the scope of those writes. In an agent-skill context, this is risky because users may invoke natural-language commands without realizing they authorize filesystem changes across configured paths, increasing the chance of unintended overwrites, data pollution, or writes to sensitive directories.

Missing User Warnings

Medium
Confidence: 97%
Finding: The skill directs the agent to create directories, files, and config entries across the local filesystem during onboarding and subject setup, but it does not require an explicit warning or confirmation before making those modifications. Because the skill can write to arbitrary user-provided paths, silent filesystem changes create integrity and privacy risks if executed unexpectedly or on sensitive locations.
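The overview's recommendation (restrict the skill to specific learning and notes folders, require confirmation before any write or script run, never let it edit SOUL.md, TOOLS.md or MEMORY.md) and the arbitrary-path finding above both come down to one gate in front of the agent's file and script tools. The following is an added example of such a gate, not code from the Personal Tutor skill or from SkillSpector; the allowed roots, the protected file list and the Decision type are assumptions chosen for illustration. It canonicalises the requested path before checking it, so "..", "~" and symlinks cannot be used to escape the allowed folders, and it denies the rule files by name even when they sit inside an allowed folder.

```python
"""Write/script guard for an agent skill: allowlist roots, deny rule files,
require confirmation. Added example; policy values below are assumed."""
import os
from dataclasses import dataclass
from pathlib import Path

# Assumed policy, not from the skill: folders the tutor may write into, and the
# persistent agent rule files it must never touch (matched case-insensitively).
ALLOWED_ROOTS = ("/home/user/learning", "/home/user/notes")
PROTECTED_RULE_FILES = frozenset({"soul.md", "tools.md", "memory.md"})


@dataclass(frozen=True)
class Decision:
    action: str   # "deny", or "confirm" (in-scope actions still need user approval)
    path: str     # canonical path the decision applies to
    reason: str


def _canonical(p: str) -> Path:
    # expanduser() handles "~"; resolve() collapses ".." and follows symlinks for
    # the parts that exist, so the check runs on where the write would really land.
    return Path(os.path.expanduser(p)).resolve()


def _under(path: Path, root: Path) -> bool:
    # Component-wise containment: "/home/user/learningX" is NOT under
    # "/home/user/learning", which a plain string-prefix test would get wrong.
    try:
        path.relative_to(root)
        return True
    except ValueError:
        return False


def check_write(requested: str, allowed_roots=ALLOWED_ROOTS,
                protected=PROTECTED_RULE_FILES) -> Decision:
    target = _canonical(requested)
    # 1. Rule files are off-limits wherever they live, even inside an allowed root.
    if target.name.lower() in protected:
        return Decision("deny", str(target),
                        f"{target.name} is a persistent agent rule file")
    # 2. Everything else must land inside one of the configured roots.
    roots = [_canonical(r) for r in allowed_roots]
    if not any(_under(target, r) for r in roots):
        return Decision("deny", str(target),
                        "outside the configured learning/notes folders")
    # 3. In-scope writes happen only after the user confirms.
    return Decision("confirm", str(target), "in scope; ask the user before writing")


def check_script_run(script: str, allowed_roots=ALLOWED_ROOTS) -> Decision:
    # Scripts such as a link checker may only be run from inside an allowed
    # root, and never without confirmation.
    target = _canonical(script)
    roots = [_canonical(r) for r in allowed_roots]
    if not any(_under(target, r) for r in roots):
        return Decision("deny", str(target),
                        "script lives outside the configured folders")
    return Decision("confirm", str(target), "in scope; ask the user before running")


if __name__ == "__main__":
    # Constructed sample requests an agent might issue while using the skill.
    for req in ("/home/user/learning/python/notes.md",
                "/home/user/learning/../.agent/SOUL.md",
                "/home/user/notes/TOOLS.md",
                "/home/user/learningX/escape.md",
                "/etc/cron.d/tutor"):
        d = check_write(req)
        print(f"write  {req:45} -> {d.action}: {d.reason}")
    for req in ("/home/user/notes/tools/check_links.sh", "/tmp/check_links.sh"):
        d = check_script_run(req)
        print(f"script {req:45} -> {d.action}: {d.reason}")
```

Wire the tool layer so that every file write and every script execution the skill requests goes through these checks, and treat "confirm" as a prompt to the user rather than as approval; only the user's answer turns it into an actual write or run.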

VirusTotal

65/65 vendors reported this skill as clean (0 detections). Note that antivirus engines look for known malicious code and say nothing about the prompt-level and agentic risks listed above; a clean VirusTotal result does not offset those findings.