Dining

Security checks across malware telemetry and agentic risk

Overview

This is a meal-planning skill with no executable code or exfiltration behavior, but it may summarize dietary and health details into reusable profile text.

Install only if you are comfortable sharing food preferences and any health-related dietary constraints with the assistant. Avoid adding medical details unless they are needed for the meal decision, and review or delete the generated profile before saving it or pasting it into another chat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium, 86% confidence
Finding
The quick-start trigger phrase "今天吃什么" ("What should we eat today?") is extremely common everyday speech and closely matches the skill's activation intent, so it can cause unintended invocation in normal conversation. In an agent environment, over-broad triggers increase prompt-surface area and may route unrelated user messages into the skill, leading to incorrect behavior, privacy spillover from unnecessary context capture, or interference with other skills.

Natural-Language Policy Violations

Medium, 93% confidence
Finding
The skill content strongly specifies Chinese-language interaction and persona behavior without indicating that language should follow the user's preference. This can override user expectations, reduce usability and accessibility, and in multilingual environments may cause the agent to ignore explicit or implicit language context, leading to unsafe misunderstandings around dietary restrictions or health constraints.

Missing User Warnings

Medium, 94% confidence
Finding
The skill explicitly instructs collecting sensitive health-related information such as diabetes, high blood pressure, gout, and fitness status, then recording it as part of a user preference profile without any privacy notice, consent flow, minimization guidance, or retention warning. Even if persistence is user-mediated via pasted profiles, the design normalizes creation and reuse of sensitive personal data artifacts that could be exposed in chat history, screenshots, shared devices, or copied logs.

Missing User Warnings

Medium, 96% confidence
Finding
The file directs the agent to generate a complete copyable Markdown profile at the end of every conversation, including sensitive health constraints, dislikes, and preference weights, but provides no warning that this bundled profile may expose sensitive personal information if copied, stored insecurely, or pasted into future chats. Automatically packaging data for reuse increases the chance of over-collection and accidental disclosure beyond the immediate meal-planning task.

Ssd 3

Medium, 93% confidence
Finding
This section instructs continuous collection of user-provided preferences and constraints throughout the conversation and consolidation into a reusable profile, which is a form of structured retention of personal data. Because the data includes health conditions and inferred traits such as regional background and taste profile, the memory design expands data scope beyond a one-time recommendation and creates a durable dossier without clear consent, deletion, or minimization controls.

Ssd 3

Medium, 88% confidence
Finding
The feedback-loop language encourages users to provide additional preference statements so the system can 'remember' them, reinforcing ongoing logging and retention behavior. While not directly malicious, it nudges users into disclosing more personal preference data without any contextual privacy notice, increasing cumulative exposure over time.

VirusTotal

60/60 vendors flagged this skill as clean.