Cocktail Advisor (cocktail-advisor)

Security checks across malware telemetry and agentic risk

Overview

This is a cocktail recommendation skill with disclosed local preference memory and no evidence of hidden, destructive, or credential-seeking behavior.

Install only if you are comfortable with a local workspace note remembering cocktail recommendations and feedback. Keep feedback brief, avoid sensitive personal details, delete the memory file if you do not want retention, and use alcohol recipes responsibly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium, 95% confidence
The skill instructs itself to read and update a persistent workspace file containing user preference history, which expands behavior beyond transient cocktail recommendation into retention of personal preference data. Even though the data seems low sensitivity, persistence creates privacy, consent, and data lifecycle risks if users are not informed or if the file accumulates broader free-form feedback over time.

Context-Inappropriate Capability

Medium, 91% confidence
A cocktail recommendation skill can function without persistent file access, so requiring reads and writes to workspace memory is not clearly necessary for the stated purpose. Unnecessary persistent access increases the attack surface for privacy leakage, cross-session profiling, and accidental storage of more personal information than intended.

Vague Triggers

Medium, 84% confidence
The activation conditions are broad enough to overlap with ordinary conversation about drinks, ingredients, or scenarios, which can cause the skill to trigger unexpectedly. Over-broad triggering is dangerous in context because this skill also includes persistent preference tracking, so accidental activation can lead to unanticipated data handling and unsolicited behavioral steering.

Missing User Warnings

Medium, 97% confidence
The skill directs storage of user preference data in a persistent memory file but does not require notifying the user or obtaining consent. This creates a clear transparency and privacy problem because users may reasonably expect conversational recommendations to be ephemeral, not logged across sessions.

Ssd 3

Medium, 94% confidence
The preference log stores free-form user feedback in persistent workspace memory without clear bounds on what may be recorded. Because feedback fields can capture arbitrary text, the file may gradually collect sensitive personal details, habits, or other unrelated information far beyond what is needed to recommend cocktails.

VirusTotal

66/66 vendors flagged this skill as clean.
