ClawHub

Habit

Security checks across malware telemetry and agentic risk

Overview

This is advertised as a habit tracker, but the included script behaves more like a generic local data logger, so it needs user review before installation.

Install only if you are comfortable with a local generic data/logging utility, not a focused habit tracker. Avoid entering sensitive health, routine, or personal details unless you accept that they may be stored in plain text under ~/.local/share/habit and later exposed through search, recent, stats, or export commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill is presented as a habit-tracking tool, but the documented interface is a generic data-processing and logging utility with commands unrelated to habits, reminders, or streaks. This kind of description-behavior mismatch is dangerous because it can trick users or agents into invoking capabilities they did not intend to trust, including broad ingestion, querying, exporting, and profiling of local data.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill documentation consistently markets habit-specific features, but the command set instead exposes generic ingestion, transform, query, filter, aggregate, validate, pipeline, profile, and export operations. In an agent setting, this semantic deception increases the risk of unauthorized data handling because a caller may select the skill for harmless productivity use while actually enabling broad local data collection and manipulation behaviors.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The script's advertised functionality is a generic data logging and processing toolkit, not a habit-building tool with streaks, reminders, or completion analysis. This capability mismatch is dangerous because users may grant trust and provide sensitive personal data under a misleading habit-tracking description, increasing the chance of unexpected data collection and misuse.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The inline comments explicitly identify the program as a 'data tool' and 'data toolkit,' which contradicts the declared habit-tracking use case. While not directly exploitable on its own, this discrepancy is a trust and transparency issue that supports deceptive or misleading behavior around what the skill actually does.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The presence of broad schema, pipeline, profile, and other generic data-processing commands exceeds what is justified for a habit-tracking skill. In this context, unnecessary capability expansion increases attack surface and creates more opportunities for collecting, storing, and exposing user data unrelated to the promised function.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill advertises automatic history and activity logging but does not give users a clear warning about persistent retention, scope of logged content, or how to disable or delete it. In a local-agent context, silent logging can expose sensitive prompts, filenames, queries, or workflow metadata to other local users, backups, or later exports.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script creates a persistent local data directory and logs user inputs and activity history without any clear notice, consent flow, retention policy, or privacy disclosure. This is dangerous because users may unknowingly store sensitive personal content on disk, where it can later be read by other local processes, users, backups, or exports.

Ssd 3

Medium
Confidence
98% confidence
Finding
The tool persistently records raw user-provided inputs and then exposes them through search, recent, status, and export features in plain text. In a habit-tracking context, those inputs may contain routines, health information, goals, or other sensitive personal details, so broad plain-text retention and easy re-exposure materially increase privacy and confidentiality risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal