Security audit

Baby record

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local baby-care logging skill, but its helper script has under-scoped file access that could write or delete JSON files outside the intended data folder if misused.

Review before installing. Use it only if you are comfortable storing baby-care and health details in local JSON files, and avoid passing custom directories or non-YYYY-MM-DD date values. The publisher should add strict date/path validation, document or gate deletion, and provide a clearer privacy and retention notice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The documented purpose centers on recording and viewing baby-care data, but the analyzed behavior reportedly includes deletion of daily records and allowing an arbitrary data directory via command-line arguments. Those extra capabilities materially expand the attack surface: deletion can destroy health logs, and a user-controllable directory can lead to unintended file access or writes outside the intended data area if not strictly constrained.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill stores sensitive baby health and caregiving data to JSON files but does not clearly warn users about persistence, retention, or local privacy risks. Because the content includes health-related information about an infant, silent storage increases the risk of unintended exposure through local access, backups, logs, or device sharing.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.