Spell

Security checks across malware telemetry and agentic risk

Overview

Spell is a local logging utility that saves user-entered text on disk; its privacy tradeoffs and some broken command dispatch should be understood, but the artifacts do not show remote sending, credential access, or destructive behavior.

Install only if you want a persistent local plaintext log of text given to the spell command. Do not use it for passwords, tokens, regulated data, confidential work, or personal information unless you are comfortable with that data being retained under ~/.local/share/spell. Also be aware that export/status behavior appears incorrectly wired in this version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

High
Confidence: 96%
Finding
The script defines duplicate case labels for 'export' and 'status', so the earlier logging-only branches take precedence and the later real implementations are unreachable. This is dangerous because users may believe they are invoking health/export functionality while actually causing sensitive input to be silently persisted to disk, undermining user expectations and potentially capturing secrets entered as command arguments.

Vague Triggers

Medium
Confidence: 80%
Finding
The skill description is very broad ('Log anything fast' and use during lookups, checking entries, converting formats, generating summaries), which could cause the agent to invoke it for many unrelated user requests. Because the tool performs persistent local logging, overbroad invocation increases the chance of collecting sensitive user data without clear intent or informed consent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation advertises automatic history and activity logging but does not prominently warn that user inputs may be persistently stored under a local data directory. In agent contexts, this can lead to unintended retention of sensitive prompts, secrets, personal data, or proprietary content, making the persistence behavior more dangerous than in a purely manual CLI context.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script persistently stores every command argument under ~/.local/share/spell without consent, redaction, or sensitivity checks. In an agent-skill context, users may pass tokens, file paths, prompts, incident details, or other confidential data on the command line, causing long-lived local retention that can later be read by other local processes or unintentionally exposed.

Missing User Warnings

Medium
Confidence: 90%
Finding
The export routine aggregates all previously logged content into new files on disk, multiplying the number of copies of potentially sensitive data. In this skill's context, that increases exposure because a general-purpose logging tool is likely to collect mixed operational data, and exporting without warning or filtering can broaden accidental disclosure during later sharing, backup, or sync operations.

VirusTotal

66/66 vendors flagged this skill as clean.
