chunfeng

Security checks across malware telemetry and agentic risk

Overview

This is a coherent thinking-framework skill, but it directs that analysis details and feedback be saved automatically for future reuse, without clear opt-in, retention, or deletion controls.

Install only if you are comfortable with the skill saving analysis notes and feedback locally for future optimization. Avoid using it with sensitive personal, legal, financial, business, or strategic information unless you can disable or review the memory files and approve any self-updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding
The skill is presented as a thinking and analysis framework, but it additionally declares automatic recording of analysis contents for future optimization. That creates hidden stateful behavior and data retention beyond the expected scope of a reasoning aid, which can surprise users and operators and lead to unintended storage of sensitive prompts or derived insights.

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding
This section operationalizes writes to memory files and ongoing version/iteration updates, which exceeds a passive documentation or analysis role. File-writing behavior can create durable records of user interactions and enable unauthorized state changes in the skill's environment, increasing privacy and integrity risk.

Vague Triggers

Severity: High
Confidence: 88%
Finding
The scenario-based trigger descriptions are vague and not bounded by clear activation rules. In isolation this is a quality issue, but in this skill's context it becomes security-relevant because accidental activation can route more conversations into persistent logging and feedback storage.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The scenario-based trigger descriptions are vague and not bounded by clear activation rules. In isolation this is a quality issue, but in this skill's context it becomes security-relevant because accidental activation can route more conversations into persistent logging and feedback storage.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The skill states that each analysis process and result will be automatically recorded, but it does not provide meaningful consent, warning, or data handling safeguards. Because analytical prompts often contain strategic, personal, or business-sensitive information, silent persistence materially increases confidentiality and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
Although the workflow names storage locations for logs and feedback, it still lacks security warnings and user-centric controls around persistence. Users may not understand that their problem descriptions, model selections, and feedback become durable artifacts, which can later be accessed, reused, or leaked.

Ssd 3

Severity: Medium
Confidence: 96%
Finding
Automatic logging of every analysis creates a persistent history of user interactions for optimization purposes. Even absent malicious intent, this introduces unnecessary data accumulation and expands the attack surface for sensitive information disclosure.

Ssd 3

Severity: Medium
Confidence: 97%
Finding
The workflow explicitly directs recording of problem type, models used, core insights, and user feedback into memory files, creating structured persistence of potentially confidential user content. This increases privacy risk and can also influence future outputs through hidden state, making behavior less predictable and auditable.

VirusTotal

63/63 vendors flagged this skill as clean.