ClawHub

Movie Advisor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent movie recommendation skill, with the main caveat that its helper script keeps a local history of the command text you enter.

Install only if you are comfortable with local query-history storage and unpinned optional Python dependencies. Avoid entering sensitive personal details or account information in movie requests, and delete the skill's data/movie_advisor_data.json file if you do not want retained history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger keywords include very common terms such as 'movie recommendation,' 'TV show,' 'film,' and 'what to watch,' which are likely to match ordinary conversation outside the intended explicit invocation context. This can cause unintended skill activation, leading the agent to inject this skill's behavior into unrelated requests and potentially override more appropriate skills or user intent.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The recommend command writes raw user-supplied arguments to a persistent JSON file without notifying the user or minimizing what is stored. In an agent-skill context, users may provide preferences, account hints, or other sensitive text that then remains on disk and could be exposed to other local users, later processes, or logs.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The search command persists raw search terms to disk without any warning or consent, creating an unnecessary privacy and data-retention risk. Search queries often contain sensitive interests, names, or identifiers, and this skill context makes silent collection more dangerous because users expect a movie search, not local tracking.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The detail command also writes user input directly to a local JSON file without disclosure, which can capture sensitive title names, personal interests, or accidental pasted secrets. Because the tool presents itself as a harmless movie advisor, the undisclosed persistence is more concerning in context and can violate user expectations and privacy requirements.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal