ClawHub

Pickup Lines

Security checks across malware telemetry and agentic risk

Overview

This looks like a local text-collection tool packaged as a romantic-line generator, with persistent logging and a misleading delete command.

Install only if you want a local plain-text pickup-line collection manager, not a true generator. Avoid saving sensitive personal text, and be aware that the remove command does not delete saved entries; manual cleanup of the data files may be required.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (9)

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill is presented as a harmless romantic-line generator, but the documented behavior is actually a stateful local CLI that creates directories, stores arbitrary user content, logs command history, and exports data. This kind of capability mismatch is dangerous because users or orchestrators may grant trust or invoke it under false assumptions, enabling unintended local data persistence and disclosure.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The manifest says the skill generates romantic lines, but the body documents a content-management utility with storage, search, removal, and export functions. Security decisions often rely on the manifest, so this discrepancy can mislead reviewers and agents into approving or invoking a tool with broader data-handling powers than expected.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The top-level description frames the skill as a generator, while the documentation describes persistent storage and management of text snippets. Even without obviously malicious commands, this inconsistency increases the chance of unreviewed file operations, logging, and data retention in contexts where only content generation was expected.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The implementation materially differs from the declared skill purpose: instead of generating romantic lines, it exposes a general-purpose local data-management CLI with commands to add, list, search, remove, and export persisted content. This kind of capability mismatch is dangerous because it creates undeclared data handling behavior and expands the skill's operational scope beyond user expectations, which can enable covert collection or misuse of local data.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script creates a data directory and stores content in local files without any clear relationship to a love-line generation feature. Undeclared persistence is risky because users may provide personal or sensitive text inputs, which then remain on disk and can later be exposed through other commands or local compromise.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
Search, remove, and export operations over a local database are unrelated to the advertised romantic-line functionality and indicate hidden data inventory capabilities. In the context of this skill, those features make the mismatch more dangerous because they provide direct mechanisms to enumerate and exfiltrate accumulated user content.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The script self-describes as a 'Multi-purpose utility tool,' which directly contradicts the marketplace metadata claiming it generates witty romantic lines. This discrepancy is a strong indicator of deceptive packaging or repurposed code, making the skill context more dangerous because users and reviewers would reasonably trust a much narrower behavior than what is actually delivered.

Vague Triggers

Medium
Confidence
90% confidence
Finding
A general-purpose `run <input>` entry point with no scope constraints is risky because it obscures what actions may occur for arbitrary input and can become a catch-all dispatch surface. In a skill that already performs local file and data operations, this ambiguity makes it harder to reason about side effects, permissions, and safe invocation boundaries.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The script writes to persistent storage without warning users in the interface or help text that their inputs may be saved locally. While the write itself is not inherently malicious, the lack of notice reduces informed consent and increases privacy risk, especially given the skill's deceptive mismatch with its stated purpose.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal