Outline

Security checks across malware telemetry and agentic risk

Overview

This skill is advertised as an outline generator, but it actually installs a local productivity logger that saves, searches, and exports user-entered notes.

Install only if you want a local productivity logging CLI, not a document outline generator. Avoid entering secrets, confidential drafts, private reminders, or sensitive project notes unless you are comfortable with them being stored in plain text under ~/.local/share/outline and included in searchable history and exports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The manifest advertises an outline generator, while the documentation describes a general-purpose local journaling/task-tracking system. In agent ecosystems, this kind of semantic deception can cause the skill to be selected under false pretenses and receive user content that is then persisted, searched, and exported unexpectedly.

Intent-Code Divergence

High
Confidence: 97%
Finding
The command set documents add/plan/track/review/remind/archive/search/export/status operations for local log management rather than outline creation. This inconsistency broadens the real capability surface beyond what users and automated policy checks would infer from the skill name, making accidental collection, indexing, and disclosure of sensitive notes more likely.

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The implemented functionality materially exceeds the stated purpose of a document-outline skill and instead provides a generic persistent activity tracker with reminders, reviews, exports, and reporting. This kind of capability mismatch is dangerous because users or host systems may grant trust and provide inputs under the assumption of a narrow outlining tool, while the script silently stores and manages broader personal data.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
Reminder, streak, review, archive, and reporting features are outside the expected boundary of a document-outline helper and expand the amount and sensitivity of user data collected. In context, this increases risk because unnecessary features create unexpected persistence and disclosure paths for information users may not intend to store.

Intent-Code Divergence

Medium
Confidence: 84%
Finding
The script advertises itself as a broader productivity toolkit, which conflicts with the narrower manifest description. While not exploit code by itself, this mismatch is security-relevant because it signals deceptive or careless packaging that can hide unexpected behavior from reviewers and users.

Missing User Warnings

Low
Confidence: 89%
Finding
The description does not prominently warn that user-provided content and command history are written to persistent local files. Even if storage is local-only, users may enter sensitive plans, reminders, or notes assuming ephemeral processing, which creates avoidable privacy and data-handling risk.

Missing User Warnings

Medium
Confidence: 94%
Finding
User-provided content is appended to local log files, but the interface shown to users does not clearly warn that their inputs will be stored persistently. This is dangerous because users may enter sensitive draft text, notes, or personal information assuming ephemeral processing, leading to unintended retention on disk.

Missing User Warnings

Medium
Confidence: 93%
Finding
The export feature copies accumulated logs into new files in JSON, CSV, or TXT formats without a prominent warning that potentially sensitive historical data will be aggregated and duplicated. This increases exposure because exported files are easier to share, upload, or leave behind unintentionally than the original logs.

Ssd 3

Medium
Confidence: 90%
Finding
The logging design persistently stores user input in plain text and later makes it available for display and export, creating a straightforward data exposure risk if users enter confidential material. In the context of a skill advertised for document outlining, this is more dangerous because users may provide unreleased drafts, plans, or sensitive notes not expecting durable logging.

Ssd 3

Medium
Confidence: 91%
Finding
The export routine aggregates all categories of previously recorded user input into a single output file, enabling broad disclosure of historical data in one operation. This is dangerous because consolidation lowers the barrier to accidental exposure and can reveal more information than users intended to share at once.

VirusTotal

66/66 vendors flagged this skill as clean.
