Agent Journal

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate journaling and memory skill, but it stores and recalls user data through an external backend without enough clear consent, privacy, or deletion controls.

Install only if you are comfortable with journal entries, preferences, session notes, URLs, and search queries being sent to and stored by the provider’s backend. Avoid saving secrets, credentials, regulated data, or private client information unless the publisher documents retention, deletion, and access controls clearly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases are broad enough to match normal conversation, which can cause the skill to activate and persist data when the user did not clearly intend journaling. In a skill that stores cross-session memory, accidental invocation increases the chance of collecting and retaining sensitive information without meaningful consent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly promotes persistent storage of user preferences, observations, and session details across sessions, but it does not present a clear user-facing notice about retention, third-party storage, or privacy implications. This is dangerous because agents may silently build longitudinal profiles of users and transmit sensitive behavioral or project data to an external memory system.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The API reference instructs the agent to send user-provided text, audio URLs, file URLs, and recall queries to a remote BlueColumn/Supabase backend, but it does not clearly warn that potentially sensitive user data leaves the local agent context and is transmitted to an external service. In a journaling/memory skill, this omission is especially risky because the stored content is likely to include personal preferences, observations, and other persistent sensitive data that users may not expect to be uploaded off-platform.

External Transmission

Medium
Category
Data Exfiltration
Content
For lightweight agent observations — preferences, patterns, decisions:
```bash
curl -X POST .../agent-note \
  -H "Authorization: Bearer <key>" \
  -d '{"text": "User prefers bullet points over paragraphs", "tags": ["preference", "style"]}'
```
Confidence
95% confidence

VirusTotal

65/65 vendors flagged this skill as clean.
