ClawHub

Session Bridge

Security checks across malware telemetry and agentic risk

Overview

Session Bridge is a disclosed local handoff helper that stores short context capsules on disk and does not show hidden sharing, credential access, or unsafe automatic behavior.

Install this only if you want local cross-session summaries. Do not put secrets, credentials, or highly sensitive personal details in capsules, review handoff text before sending it to another agent or surface, and use expire or manual deletion when a topic is finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases include very broad natural-language cues such as 'catch me up', 'what were we working on', and 'continue from where we left off', which can occur in ordinary conversation and unintentionally activate the skill. In this skill's context, accidental invocation is more dangerous than usual because activation may cause retrieval, generation, or persistence of cross-session summaries containing sensitive conversational context across surfaces and agents.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill stores conversation-derived context in local JSON capsule files but does not warn users that potentially sensitive summaries, decisions, sources, and open questions will be persisted on disk. Because the skill is specifically designed to bridge sessions across Telegram, WhatsApp, TUI, and multiple agents, the context makes this more dangerous: users may reasonably think they are just resuming context, not creating local artifacts that can outlive the session and be accessed later.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The tool persists session bridge data to disk as both JSON and Markdown under a workspace path, but the CLI does not warn users that potentially sensitive conversation context, linked session identifiers, decisions, and facts will be stored in plaintext. In a context-handoff skill, this is more dangerous than usual because the very purpose of the tool is to capture cross-session context, which may include sensitive operational details that users may assume are ephemeral.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The expire command irreversibly deletes capsule JSON and Markdown files based only on age, without a dry-run default, warning, or confirmation prompt. For a session-handoff utility, this can cause silent loss of conversation continuity and operational context, potentially disrupting workflows or deleting records that users expected to retain.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal