ClawHub

Quote

Security checks across malware telemetry and agentic risk

Overview

This is a local quote logging tool with some generic and imperfect command documentation, but no evidence of exfiltration, credential access, destructive behavior, or hidden privileged actions.

Install only if you are comfortable with quote text and activity being saved under ~/.local/share/quote. Do not enter passwords, API keys, private notes, or proprietary material unless you are willing for it to remain searchable on this machine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The documented behavior expands well beyond a quote manager into a generic command/input logger with export, status, config, and history capabilities. That mismatch is dangerous because users or orchestrators may route unrelated sensitive inputs to the skill under the assumption it only handles quotes, leading to unintended retention and later disclosure via exports or logs.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The command table describes a broad utility/action logger rather than a focused quote tool, which can cause overcollection of arbitrary user data and misuse by an agent selecting tools semantically. In an agent setting, ambiguous generic operations like config, batch, compare, report, and status increase the chance the skill is invoked for unrelated tasks and stores data outside user expectations.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The description is broad enough to match many common user intents such as analysis, generating picks, converting collections, or saving favorites, which can cause accidental invocation by an agent. Because the skill also logs data locally, overbroad triggering raises the risk that unrelated or sensitive prompts are captured and retained without clear user intent.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The documentation acknowledges local storage and activity logging, but it does not present this as a clear pre-use warning or consent checkpoint before data-affecting actions occur. In practice, users may provide sensitive text believing the tool is only analyzing/displaying quotes, not persistently recording all actions and history.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script persistently stores arbitrary user-provided inputs and activity history under ~/.local/share/quote without clear consent or warning. In a skill context, users may provide sensitive text such as private notes, prompts, or quotes containing personal data, creating a privacy risk and local data exposure if the account or machine is later accessed by another party.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The help text omits that most commands write raw inputs and history to persistent local storage, which undermines informed user consent. Because this skill is presented as a quote utility, the hidden persistence makes the behavior more misleading and increases the chance that users will enter sensitive or copyrighted material they did not expect to be retained.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal