ClawHub

Mental Health

Security checks across malware telemetry and agentic risk

Overview

This mental-health skill is not clearly malicious, but it can store sensitive wellness entries locally in plaintext without clear upfront privacy or deletion controls.

Install only if you are comfortable with the skill writing wellness or mental-health entries to local plaintext files. Avoid entering highly sensitive or crisis details unless you understand where the files are stored and how to remove them manually; the advertised reset command does not actually delete data in the reviewed script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

High
Category
MCP Tool Poisoning
Confidence
81% confidence
Finding
The skill is presented as a lightweight mental-health assistant, but the analysis indicates it also supports persistent storage, history, exports, reminders, goals, and audit logging. In a mental-health context, that undocumented behavior materially changes the privacy and safety profile because users may disclose highly sensitive emotional or health-related information without understanding it is being retained or exportable.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script stores user-provided wellness and potentially mental-health-related entries in plaintext local files under the user's data directory without any privacy notice, consent flow, retention policy, or access controls beyond default filesystem behavior. In a mental-health context, these entries may contain highly sensitive personal information, increasing the risk of unintended disclosure through local access, backups, sync services, or shared accounts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal