Trivia

Security checks across malware telemetry and agentic risk

Overview

This trivia-branded skill mainly acts as a generic local text logger, so users may not realize their inputs are being retained and searchable/exportable.

Review carefully before installing. Use it only if you want a local plaintext activity log, not a full trivia host. Do not enter secrets, private personal data, or sensitive quiz material, and periodically inspect or delete ~/.local/share/trivia if you use it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 98%
Finding
The skill is labeled and advertised as a trivia tool, but its documented behavior is a generic persistent logging and export system that stores arbitrary user inputs under many broad commands. This mismatch is dangerous because users and orchestrators may route sensitive quiz-, workflow-, or unrelated content into a tool they believe is domain-limited, while the skill silently normalizes retention, search, and export of that data.

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding
The manifest presents a trivia quiz skill, but the body describes a generic local activity logger and data-processing toolkit. This semantic disguise increases the chance of inappropriate activation and trust, causing users or agents to expose arbitrary data to a tool whose real purpose is broad collection and retention.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding
The title and manifest frame the skill as trivia-specific, but the command set and narrative describe a generic utility toolkit. That contradiction undermines informed consent and safe routing because operators cannot reliably infer what data the skill will accept, retain, and expose.

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding
The script presents itself as a trivia toolkit, but the documented commands and help text describe capabilities that are not actually implemented. This kind of deceptive or materially misleading functionality is dangerous because users may trust the skill with quiz or other content while it merely stores raw inputs locally, creating unexpected retention and privacy exposure.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding
Most advertised trivia actions simply append arbitrary user input to per-command log files instead of performing the claimed operation. This mismatch can mislead users into supplying sensitive prompts, answers, reports, or datasets under the assumption they are being processed for trivia purposes, when they are actually being retained verbatim.

Intent-Code Divergence

Severity: Medium
Confidence: 88%
Finding
The banner comment labels the script as a trivia utility tool, but the code primarily acts as a generic local logger. Misrepresentation in inline documentation lowers operator awareness and increases the chance that the tool is deployed in contexts where stored inputs may include sensitive data.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The skill's stated usage is broad and ambiguous, describing many generic actions such as running, checking, converting, analyzing, generating, and reporting data. Over-broad activation criteria make accidental invocation more likely and can pull unrelated or sensitive user content into a persistence-enabled tool.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
Command names like run, check, convert, analyze, generate, preview, and compare are generic and likely to overlap with ordinary user intents outside trivia. In this context, that is risky because these commands are tied to local logging, history review, search, and export, enabling unintended capture and later disclosure of arbitrary inputs.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
User-provided input is written directly to persistent log files under the user's home directory without any explicit consent or warning. In a skill context, users may enter answers, prompts, internal notes, or other sensitive text, and silent persistence creates privacy and compliance risk.

Ssd 3

Severity: Medium
Confidence: 95%
Finding
The natural-language documentation establishes persistent logging, search, and export of user-provided inputs as a normal feature of the workflow. This creates a privacy and data-leak risk because routine use may cause sensitive prompts, answers, file paths, or operational details to be stored and later surfaced through search, recent-history, or export functions.

Ssd 3

Severity: High
Confidence: 99%
Finding
The skill explicitly says every command input is stored with timestamps and also maintains a unified history, then offers export and search over that accumulated data. That combination materially increases confidentiality risk because a single benign interaction can permanently place sensitive content into a local corpus that is easy to enumerate and exfiltrate.

Ssd 3

Severity: Medium
Confidence: 94%
Finding
The workflow guidance encourages searching all entries, reviewing recent activity, and exporting all accumulated history, which normalizes broad disclosure of prior interactions. In a skill masquerading as trivia, this makes the context more dangerous because users are less likely to expect or scrutinize comprehensive retention and disclosure features.

Ssd 3

Severity: Medium
Confidence: 97%
Finding
The script systematically stores raw user inputs across many commands and supports later viewing, searching, and bulk export. That combination materially increases data leakage risk because any sensitive content entered during routine skill use can be aggregated and disclosed locally or through exported files without strong access controls or minimization.

VirusTotal

65/65 vendors flagged this skill as clean.
