cpskilltest111

Security checks across malware telemetry and agentic risk

Overview

This skill is not overtly malicious, but it asks agents to store and promote detailed session learnings in ways that can retain sensitive information too broadly.

Install only if you intentionally want durable agent memory. Treat all generated learning files as sensitive, avoid storing raw prompts, secrets, tokens, customer data, full stack traces, or internal URLs, and require explicit approval before promoting entries into shared agent instruction files or sharing them across sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
82% confidence
Finding
The activation guidance is broad enough that ordinary conversation or routine task phrasing could trigger logging and memory-writing behaviors unexpectedly. In a skill that persists content across sessions and promotes data into shared context files, over-triggering increases the chance of collecting sensitive user text, internal prompts, or irrelevant workspace information without clear necessity.

Vague Triggers

Medium
90% confidence
Finding
These trigger phrases are generic enough to match normal user dialogue and can cause unintended persistence of corrections, requests, or other conversation content. Because this skill is explicitly designed to save information into durable files and possibly promote it into broader agent context, false activations create a real privacy and prompt-data retention risk.

Ssd 3

Medium
92% confidence
Finding
The skill encourages persistent storage of user corrections, feature requests, and learned information into local or shared memory files, which can easily capture sensitive natural-language content. Even without malicious intent, this creates a durable data-retention channel that may expose private user data, proprietary project details, or prompt content to later sessions, collaborators, or other tools.

Ssd 3

Medium
94% confidence
Finding
Describing tools that can read other sessions' transcripts and forward learnings across sessions materially increases the risk of cross-session data exposure. If used without strict scoping and sanitization, a session can leak sensitive content from one task, user, or workspace context into another, breaking isolation assumptions.

Ssd 3

Medium
96% confidence
Finding
The templates explicitly ask for full context, inputs, parameters, and actual error output, all of which commonly contain credentials, API keys, personal data, stack traces, and internal paths. Persisting that material in markdown files creates a straightforward exfiltration and accidental disclosure risk, especially if the files are committed, shared, indexed, or later surfaced to other agents.
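The gate the Overview recommends (treat learning files as sensitive, never persist secrets, tokens, stack traces or internal URLs, and require explicit approval before promoting an entry into shared context), applied to the template output this finding describes, as an added example. This is not code from the cpskilltest111 skill or from SkillSpector. It assumes entries are plain text carrying a scope label such as "repo:payments", that promotion into a shared instruction file is a separate step, and that a human sets the approval flag; the regex patterns, the Entry and GateResult shapes, the scope names and the sample entry are all constructed for the example.

```python
"""Pre-persistence gate for agent learning entries.

Added example; not code from the cpskilltest111 skill or from SkillSpector.
Assumed: entries are plain text, carry a scope label such as "repo:payments",
and promotion into a shared instruction file is a separate, gated step.
"""
import re
from dataclasses import dataclass, field

# Secret-shaped values that show up when a template asks for "inputs,
# parameters, and actual error output". Constructed for this example.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/=-]{20,}"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{30,}\b"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "generic_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|password|token)\s*[=:]\s*['\"]?[^\s'\",;]{8,}"),
}
# Hostnames under internal-looking zones, or private IPv4 ranges (assumed list).
INTERNAL_URL = re.compile(
    r"https?://(?:[\w.-]*\.(?:internal|corp|local|lan)\b"
    r"|10\.\d+\.\d+\.\d+|192\.168\.\d+\.\d+|172\.(?:1[6-9]|2\d|3[01])\.\d+\.\d+)"
    r"(?::\d+)?\S*", re.I)
# First line of a Python trace, or a Java/JavaScript "at frame(...)" line.
STACK_TRACE_START = re.compile(
    r"^Traceback \(most recent call last\):$|^\s+at [\w$.<>]+\(.*\)$", re.M)


@dataclass
class Entry:
    text: str
    scope: str                          # origin of the learning, e.g. "repo:payments"
    approved_for_shared: bool = False   # explicit human approval to promote


@dataclass
class GateResult:
    text: str
    redactions: list = field(default_factory=list)
    rejected: bool = False
    reason: str = ""


def sanitize(text: str) -> GateResult:
    """Redact secrets and internal URLs, drop stack traces, reject key material."""
    result = GateResult(text=text)
    for kind, pattern in SECRET_PATTERNS.items():
        text, n = pattern.subn(f"[REDACTED:{kind}]", text)
        result.redactions += [kind] * n
    text, n = INTERNAL_URL.subn("[INTERNAL-URL]", text)
    result.redactions += ["internal_url"] * n
    # A full trace carries paths, line numbers and often argument values;
    # keep only what precedes it.
    match = STACK_TRACE_START.search(text)
    if match:
        text = text[:match.start()].rstrip() + "\n[STACK TRACE OMITTED]"
        result.redactions.append("stack_trace")
    if "private_key" in result.redactions:
        # Whatever surrounds a private key is likely key material too: persist nothing.
        result.rejected = True
        result.reason = "private key material present; entry not persisted"
    result.text = text
    return result


def gate_promotion(entry: Entry, target_scope: str) -> GateResult:
    """Decide whether an entry may be written into target_scope."""
    result = sanitize(entry.text)
    if result.rejected:
        return result
    if target_scope != entry.scope and not entry.approved_for_shared:
        result.rejected = True
        result.reason = (f"entry scoped to {entry.scope}; explicit approval is "
                         f"required before promoting it to {target_scope}")
    return result


# Constructed sample entry, as a "full context + actual error output" template would produce.
SAMPLE_ENTRY = Entry(
    text=(
        "Learned: the deploy script fails when DEPLOY_TOKEN is unset.\n"
        "Params used: api_key=sk_live_9f8e7d6c5b4a3f2e1d0c, "
        "target=https://deploy.corp.internal/v2/push\n"
        "Error output:\n"
        "Traceback (most recent call last):\n"
        '  File "/home/dev/payments/deploy.py", line 42, in <module>\n'
        "    push(token)\n"
        "KeyError: 'DEPLOY_TOKEN'\n"
    ),
    scope="repo:payments",
)

if __name__ == "__main__":
    local = gate_promotion(SAMPLE_ENTRY, "repo:payments")
    print(local.text, local.redactions, sep="\n")
    shared = gate_promotion(SAMPLE_ENTRY, "shared:agent-instructions")
    print("promotion rejected:", shared.rejected, "-", shared.reason)
```

Run stand-alone it prints the entry with the key, the internal URL and the trace removed, then the refused promotion. In a real skill the gate sits in front of the file write, the pattern list is tuned to the environment (regexes catch the common shapes, not every secret), and the approval flag is set by a person rather than by the agent that produced the entry.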

VirusTotal

All 64 of 64 vendors rated this skill clean. A clean antivirus result covers known-malware signatures in the packaged files; it does not assess the data-retention and cross-session behaviours described in the findings above.
