maple-structured-storage

Security checks across malware telemetry and agentic risk

Overview

This knowledge-archive skill is coherent, but it needs review because it can persist, reorganize, and copy local content without enough safeguards for sensitive data.

Install only if you want a persistent local knowledge base and can point it at narrow, low-sensitivity folders. Do not use it on broad personal or work directories, and avoid archiving secrets, credentials, private keys, internal server details, regulated data, or sensitive configuration files. Review generated meta.md, process.md, code.md, resource/ files, and index.json regularly, and keep backups because the workflow moves source files and refreshes the index.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

High (98% confidence)
Finding
The rules explicitly provide examples of storing an authentication key and an internal server address in `meta.md`, normalizing retention of secrets and internal infrastructure details in plaintext knowledge archives. In a knowledge archival skill, this is unnecessary and dangerous because archived notes are likely to be indexed, searchable, reused across contexts, and exposed to broader access than the original source.

Vague Triggers

Medium (91% confidence)
Finding
The trigger phrase list is extremely broad and overlaps with common actions like saving notes, summarizing documents, and structured retrieval. That can cause the skill to activate in routine conversations and initiate storage-oriented workflows the user did not clearly intend, increasing the chance of unintended persistence or file operations.

Missing User Warnings

Medium (95% confidence)
Finding
The skill performs data-modifying actions such as creating config files, creating directories, moving source files into done/, and overwriting index.json, but the description does not require explicit user-facing warning or confirmation before those changes. In a file-handling skill, silent modification is risky because it can alter user data organization and affect recoverability or downstream workflows.

Missing User Warnings

Medium (96% confidence)
Finding
The automatic reflection flow asks follow-up questions after ingestion and writes the user's answers back into persistent files without an explicit warning that those answers may contain sensitive personal, operational, or contextual data. Because the feature is automatic and occurs post-write, users may disclose more than intended under the assumption they are just clarifying context rather than authorizing long-term storage.

Missing User Warnings

Medium (90% confidence)
Finding
The instruction to copy user-mentioned local files into `resource/` causes data collection and retention without requiring user confirmation, sensitivity checks, minimization, or disclosure. Because users may mention documents that contain personal, financial, legal, or proprietary data, this behavior can silently ingest far more sensitive information than needed for indexing.

Vague Triggers

Medium (94% confidence)
Finding
The trigger phrases include very broad everyday expressions such as '补充信息' and '检查缺失', which can match normal conversation unrelated to this skill’s intended scope. In an agent environment, overbroad triggers can cause unintended activation, leading the skill to read indexes, inspect stored knowledge files, or prompt for follow-up questions when the user did not explicitly request archival/reflection behavior.

Ssd 3

Medium (94% confidence)
Finding
The skill explicitly instructs the system not to lose information, to preserve code completely, to keep all existing content in append mode, and to store only explicit facts, which together encourage maximal retention rather than minimization. In a knowledge-archiving context, that materially raises the chance that secrets, credentials, proprietary code, personal data, and sensitive internal context are copied into long-lived indexed storage where they are easier to retrieve or leak later.

Ssd 3

High (99% confidence)
Finding
The rules instruct storing sensitive secrets and infrastructure details as plaintext facts in documentation files, which creates a direct confidentiality risk. Since this skill's purpose is structured storage, indexing, and retrieval, any stored secret may be propagated into search indexes, summaries, exports, or future responses, increasing the chance of leakage and misuse.

Ssd 3

High (97% confidence)
Finding
Copying user-mentioned local files into a retained `resource/` directory can capture entire documents containing secrets, personal data, source code, contracts, or other sensitive material without limitation. In a knowledge system designed for long-term archival and retrieval, this materially increases exposure because retained files may be indexed, reused, or accessed outside the user's original intent.

VirusTotal

65/65 vendors flagged this skill as clean.
