Comment

Security checks across malware telemetry and agentic risk

Overview

This is a local comment logging utility that stores user-entered text on disk, with no evidence of network transfer, credential access, hidden execution, or destructive behavior.

Install only if you are comfortable with comment inputs being saved locally under ~/.local/share/comment. Do not enter secrets, tokens, private customer data, or sensitive personal information unless you intend to keep it in local logs, and delete that directory when you no longer want the history retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The skill is presented as a generic comment-management utility, but the documentation shows it persistently stores arbitrary user inputs, maintains history/activity logs, supports search over past entries, and exports accumulated data. That expansion of behavior matters because users may invoke it with sensitive free-form content without realizing it will be retained locally and surfaced later via search, stats, or export features.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The activation phrase 'Use when you need comment' is overly broad and underspecified, which can cause the agent to invoke the skill in contexts far beyond simple comment management. In practice, that increases the chance that unrelated or sensitive user content is routed into a tool that logs and persists inputs.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation advertises automatic history and activity logging but does not clearly warn users that their inputs are retained on disk under a local data directory. This creates a realistic privacy risk because users may enter secrets, proprietary text, or personal data believing the tool is a transient CLI helper, while the retained logs can later be accessed, searched, exported, or disclosed to other local users/processes.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script persistently records arbitrary user-supplied input to local files and history logs without clearly warning the user in help text or obtaining explicit consent. In an agent-skill context, users may pass secrets, tokens, internal comments, or sensitive business data expecting ephemeral processing, so silent retention increases the risk of local data exposure, unintended reuse, or later exfiltration by other processes.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The export function materializes aggregated historical log contents into new files on disk, potentially duplicating sensitive data into broader, easier-to-share formats like CSV, JSON, or TXT without an upfront warning. In this skill's context, that can amplify privacy risk because previously entered content is consolidated and persisted again, increasing the likelihood of accidental disclosure through backups, sync tools, or other local access.

VirusTotal

66/66 vendors flagged this skill as clean.
