ClawHub

Context Anchor

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent local context-recovery helper that reads documented workspace memory files and does not show network access, credential use, writes, deletion, or persistence.

Install this only if you are comfortable with an agent reading and summarizing your workspace memory and active context markdown files. Prefer manual use or post-compaction use over automatic every-session startup if those files may contain sensitive, outdated, or unrelated notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description and usage guidance create a very broad activation condition around being 'fresh', 'after compaction', or 'feeling lost', which overlaps with normal agent uncertainty and routine session startup. In systems that auto-select skills from natural language or context, this can cause the skill to trigger too often, leading to unnecessary scanning and surfacing of memory files that may contain sensitive context unrelated to the current task.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The manual-use instruction 'use it manually when you feel lost about context' is ambiguous and likely to match common conversational language, making accidental or over-broad activation more likely. Because this skill scans memory/current-task.md, daily logs, and active context files, unintended invocation can expose historical decisions, blockers, and notes that are not necessary for the immediate interaction.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal