Expressive Soul

Security checks across malware telemetry and agentic risk

Overview

The skill is not clearly malicious, but it automatically saves and reviews conversation content in persistent local files without clear limits or controls.

Install only if you are comfortable with this skill saving conversation payloads locally after each AI reply and reviewing them on a daily schedule. Avoid using it with secrets, credentials, personal data, or confidential work unless you can disable the handler/schedule and inspect or delete the memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Medium
Confidence: 96%
Finding:
The script reads today's conversation log from DAILY_DIR/<date>.jsonl and later appends the review record back into that same file, mixing source logs with derived review data. This creates self-contaminating state: future runs will reprocess prior review entries as if they were conversation logs, causing data integrity issues, log poisoning, and potentially recursive growth or misleading memory formation.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The skill explicitly states that all conversation content will be automatically reviewed daily and that valuable conclusions will be written into persistent memory files. This creates a real privacy and data-retention risk because users are not clearly warned, asked for consent, or given controls over what content is stored and for how long.

Missing User Warnings

Medium
Confidence: 97%
Finding:
The script automatically captures stdin containing conversation data and appends it to a persistent daily JSONL log file, with comments indicating this happens after every AI reply. Persistent storage of conversational content can expose sensitive prompts, secrets, and personal data, especially because there is no consent, disclosure, retention control, or access protection evident in the script.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The script persists user-provided insight text to a local JSONL file automatically, but the CLI output and interface do not clearly warn users that their input will be stored on disk. This can lead to unintentional retention of sensitive prompts, secrets, or personal data, especially in an agent-skill context where users may assume the action is ephemeral.

Ssd 3

Medium
Confidence: 96%
Finding:
The skill instructs a daily process to review all conversation content, extract insights, and store them in memory files, which is a concrete retention workflow affecting potentially sensitive user data. In context, this is more dangerous because it is automated, broad in scope ('all conversation content'), and paired with long-term storage, increasing the chance of unintended capture of personal, confidential, or regulated information.

VirusTotal

66/66 vendors flagged this skill as clean.
