Wayfound

Security checks across malware telemetry and agentic risk

Overview

Wayfound is a disclosed local self-review skill that adds a user-approved daily review habit, with privacy and retention considerations but no evidence of hidden data export or unsafe code.

Install this only if you want ongoing local self-review. Before approving the cron setup, confirm the schedule, where review files are written, and how to disable it. Periodically review generated memory files and SOUL.md changes, and avoid retaining sensitive details in long-lived memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill tells the user to install a daily cron job that continuously reads SOUL.md and daily memory files and writes new review artifacts, but it does not clearly foreground the privacy and persistence implications of this ongoing automated access. In context, this creates a durable surveillance-like mechanism over interaction-derived data, which can surprise users and expand the retention surface for sensitive information.

Ssd 3

Medium
Confidence: 91%
Finding
The review workflow explicitly stores interaction-derived findings in persistent memory/review files and later surfaces them, including user preferences and behavioral observations. Even if framed as self-improvement, this encourages accumulation of potentially sensitive personal or organizational details without clear minimization, consent boundaries, or retention controls.

Ssd 3

Medium
Confidence: 95%
Finding
The pattern-detection section instructs the agent to mine prior review files for recurring themes and then update MEMORY.md or SOUL.md with user preferences and behavioral rules. This turns routine interactions into durable profiling data, increasing the chance of retaining sensitive preferences, workflow habits, or inferred attributes beyond what the user expected.

VirusTotal

60/60 vendors flagged this skill as clean.
