知识自动沉淀引擎 (Automatic Knowledge Consolidation Engine)

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent daily journaling purpose, but it needs review because it reads chat history and stored credentials, then automatically publishes full reports to multiple external services.

Install only if you want this skill to read your Get笔记 notes, OpenClaw conversation history, and stored service credentials, then generate and store full daily reports in the configured Get笔记 and Feishu locations. Before use, verify the hardcoded Feishu folder, wiki node, app credentials, and member ID are yours, and require a preview plus explicit approval before cloud sync or permission changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Intent-Code Divergence

High
Confidence: 98%
Finding
The same security note falsely narrows the skill’s behavior even though later steps call date/getnote/curl/lark-cli and write to external systems. Such deceptive or inaccurate documentation creates a security vulnerability at the design level because operators may authorize the skill under false assumptions about what it will execute and where data will go.

Intent-Code Divergence

High
Confidence: 98%
Finding
The same security note falsely narrows the skill’s behavior even though later steps call date/getnote/curl/lark-cli and write to external systems. Such deceptive or inaccurate documentation creates a security vulnerability at the design level because operators may authorize the skill under false assumptions about what it will execute and where data will go.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The skill instructs the agent to read credentials from a local config file and use them to reauthenticate automatically. This expands the skill from content processing into credential access and auth-state manipulation, which increases the chance of secret exposure, misuse, or unintended account actions if the skill is triggered broadly or runs in an unexpected context.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger phrases are broad, everyday expressions such as ‘整理昨天的日志’ and ‘知识沉淀’, without clear constraints on when synchronization, history access, or external publishing should occur. This makes accidental invocation more likely, which is especially risky because the skill reads notes and chat history and then writes derived content to multiple destinations.

Ssd 3

High
Confidence: 97%
Finding
The skill explicitly directs the agent to read session history, extract user messages, and use them as report input, then later archive the report externally. This creates a natural-language exfiltration path where sensitive chat content may be transferred into persistent third-party systems without granular consent or redaction.

Ssd 3

High
Confidence: 98%
Finding
The skill’s core purpose is to combine user notes and conversation records, perform deep profiling-style analysis of learning/work state, and persist the result across multiple storage backends. In context, this is more dangerous because the content is personal, behavioral, and cross-source, increasing privacy harm and the blast radius of any mistaken or overbroad collection.

Ssd 3

High
Confidence: 96%
Finding
The report rules require complete output for all sections and full-text synchronization, explicitly forbidding abbreviated storage. That amplifies leakage risk because any sensitive content gathered from notes, chats, or recordings is more likely to be preserved verbatim and replicated across several systems rather than minimized.

VirusTotal

65/65 vendors flagged this skill as clean.