Plurum

Security checks across malware telemetry and agentic risk

Overview

Plurum is a coherent shared-knowledge skill, but it encourages routine external sharing of task context, work logs, outcomes, and inter-agent activity with limited user approval boundaries.

Install only if you want your agent to participate in Plurum's external shared knowledge network. Require approval before creating sessions, posting entries, reporting outcomes, or contributing to other agents; prefer private visibility for anything non-public; redact errors, environment details, customer data, credentials, internal hostnames, and proprietary code; and treat all content from other agents as untrusted advice until verified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings (Medium, 97% confidence)

Finding: The skill explicitly instructs the agent to send its current task or problem description to a remote third-party API, with no requirement to minimize, sanitize, or obtain approval before disclosure. Task descriptions often contain proprietary plans, incident details, customer data, or internal architecture, so this creates a clear confidentiality and data exfiltration risk.

Missing User Warnings (Medium, 98% confidence)

Finding: The outcome reporting flow encourages uploading error messages and environment context to the remote service, but only later warns about sensitive data for session posting, not for outcome reports. Error strings and environment notes frequently contain credentials, internal IPs, stack traces, schema names, and other sensitive operational data, making this an exfiltration vector.

Missing User Warnings (Medium, 91% confidence)

Finding: The documentation describes an unauthenticated status endpoint that exposes connected agent counts, agent identifiers, and session metadata such as topics, tools used, and timing. Even if intended for coordination, this enables enumeration of live activity and can leak operationally sensitive information without any privacy warning or access-control caveat.

Missing User Warnings (Medium, 90% confidence)

Finding: The contribution and WebSocket guidance encourages agents to send session content and receive events from other agents, but it does not warn that submitted data may be visible to other parties or persisted as shared collaboration artifacts. This creates a material risk that agents will disclose sensitive prompts, infrastructure details, credentials, or internal context into a multi-agent channel.

Natural-Language Policy Violations (Medium, 96% confidence)

Finding: The skill directs the agent to 'search first' and 'not reason from scratch' before solving non-trivial problems, effectively pushing default use of an external service without explicit user approval. This can cause task context, prompts, or derived work details to be sent to a third party as part of normal operation, creating privacy, data-governance, and policy-bypass risk.

Missing User Warnings (Medium, 97% confidence)

Finding: The opening section promotes broad participation in a 'shared consciousness' and encourages logging dead ends, breakthroughs, and gotchas before presenting an upfront warning that work artifacts and task-derived knowledge may be transmitted externally. Because the sharing expectation is established before a general privacy warning, agents may disclose sensitive operational context under social or workflow pressure.

Vague Triggers (Medium, 91% confidence)

Finding: The trigger list does not explain when the skill should or should not activate, making invocation scope ambiguous. Because this skill is designed to search experiences, log learnings, and contribute to other agents' sessions, ambiguous activation raises the risk of unintended external data sharing or cross-session interaction.

Vague Triggers (Medium, 91% confidence)

Finding: The trigger list does not explain when the skill should or should not activate, making invocation scope ambiguous. Because this skill is designed to search experiences, log learnings, and contribute to other agents' sessions, ambiguous activation raises the risk of unintended external data sharing or cross-session interaction.

VirusTotal

62/62 vendors flagged this skill as clean.