2nd Brain

Security checks across malware telemetry and agentic risk

Overview

This is a useful personal memory skill, but it can persist notes and original media files too readily without clear confirmation or retention limits.

Install only if you want the assistant to keep a durable personal knowledge base. Review saved entries and attachments periodically, avoid sending sensitive IDs, financial records, private third-party media, or confidential PDFs unless you truly want them retained, and be cautious with the optional QMD install unless you trust that repository.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 93%
Finding
The skill's activation criteria are broad enough to match common conversational phrases like 'remember', 'visited', or 'who is', which can cause the agent to invoke this skill in situations the user did not intend. In a memory-writing skill, over-triggering is risky because it can lead to unintended persistence of personal information and incorrect routing away from less durable context mechanisms.

Vague Triggers

Medium
Confidence: 91%
Finding
The markdown guidance reinforces ambiguous routing rules by instructing the agent to use this skill for broad categories of named entities and everyday phrases, without sufficiently constraining when persistence is appropriate. Because the skill has write access to a long-term knowledge base, ambiguous instructions increase the chance of storing sensitive or inaccurate data without clear user consent.

Missing User Warnings

Medium
Confidence: 90%
Finding
The instruction that media files 'MUST BE SAVED' encourages persistent storage of user-provided photos, audio, video, and PDFs without any adjacent warning about privacy, consent, sensitivity, or retention. This is dangerous because such files commonly contain personal, biometric, location, financial, or third-party data, and mandatory preservation expands exposure beyond what may be necessary for the task.

Missing User Warnings

Medium
Confidence: 95%
Finding
The attachment workflow repeatedly instructs the agent to preserve original files and 'never discard attachments' unless explicitly told, but omits safeguards about sensitive personal data, third-party consent, or default retention limits. In practice, this can normalize indefinite retention of potentially confidential documents and media, increasing privacy risk and the blast radius of any later compromise of the workspace.

VirusTotal

63/63 vendors flagged this skill as clean.
