ClawHub

Terminal Dashboard

Security checks across malware telemetry and agentic risk

Overview

This is a local command-line logging tool that stores user-entered activity on disk, with some packaging and disclosure rough edges but no evidence of hidden exfiltration or destructive behavior.

Install only if you want a local activity journal. Treat anything typed into it as plaintext data that may remain under ~/.local/share/terminal-dashboard and be searchable or exported later; avoid entering passwords, tokens, private customer data, or sensitive internal details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents that entries are stored in local log files and exportable formats, but it does not prominently warn that arbitrary user inputs are retained in plaintext under a predictable directory. Users may enter credentials, SQL queries, dataset names, internal paths, or other sensitive operational details, which then become recoverable from history and export files.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script persistently stores arbitrary user-provided input under `~/.local/share/terminal-dashboard` across many commands without any notice, consent, retention control, or sensitivity filtering. In a skill context that invites users to paste operational data, queries, pipeline text, or other command-like content, this can lead to inadvertent local retention of secrets, tokens, internal paths, or sensitive business data that may later be exposed to other local users, backup systems, or support collection workflows.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal