Second Brain: Turn conversations into lasting knowledge

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Ensue-backed personal knowledge base, with expected cloud storage and API-key use disclosed, though users should avoid saving sensitive information.

Install this only if you intend to use Ensue as a cloud-backed persistent memory service. Review every draft before saving, do not store secrets or highly sensitive personal data, and use an API key you are comfortable granting access to this knowledge base.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill instructs the agent to invoke a shell wrapper script (`{baseDir}/scripts/ensue-api.sh`) but does not declare corresponding permissions. Undeclared shell capability weakens security review and runtime policy enforcement, and because the script is called with user-influenced JSON arguments for create/update/delete operations, the mismatch can enable unintended command execution pathways or unsafe data operations if the platform assumes the skill is low-privilege.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill description combines multiple broad intents—saving knowledge, recalling it, managing a toolbox, and building on past learnings—without clear activation criteria. This ambiguity increases the chance of over-triggering and cross-intent execution, where normal discussion may prompt memory searches or state-changing operations inappropriately, especially given the skill's ability to create, update, and delete stored entries.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill description combines multiple broad intents—saving knowledge, recalling it, managing a toolbox, and building on past learnings—without clear activation criteria. This ambiguity increases the chance of over-triggering and cross-intent execution, where normal discussion may prompt memory searches or state-changing operations inappropriately, especially given the skill's ability to create, update, and delete stored entries.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script forwards user-supplied JSON arguments directly to a third-party service without any explicit notice at the point of use that note contents, queries, or other potentially sensitive knowledge will leave the local environment. In a personal knowledge-base skill, users may submit highly sensitive data, making silent transmission a meaningful privacy and data-handling risk even if the destination service is legitimate.

VirusTotal

66/66 vendors flagged this skill as clean.
