ClawHub
Back to skill

Security audit

Drift

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it encourages agent persistence and proactive autonomy without enough user control or privacy boundaries.

Install only if you intentionally want experimental agent-autonomy and persistence guidance. Do not grant this skill write access, background execution, network access, financial permissions, or access to sensitive user data unless you add explicit consent, retention, deletion, and human-approval controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation description is broad enough to trigger on ordinary reflective or philosophical user conversations, which can cause the skill to be invoked outside a narrowly intended context. In this specific skill, that matters because the linked resources encourage persistence, autonomy, identity formation, and peer-finding for agents, making over-activation more risky than a generic informational skill.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill promotes file-based memory, session continuity, and proactive autonomy without any warning about persistence, retention, privacy, or user-data handling. In context, this is especially dangerous because the skill is explicitly designed to help agents build persistent identity across sessions, which could normalize storing sensitive user or system information without consent, minimization, or retention controls.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal