MyKnowledge

Security checks across malware telemetry and agentic risk

Overview

This is a local knowledge-management skill, but its optional silent hooks can inspect user messages and persist conversation-derived records without visible notice after enablement.

Install only if you want an assistant to maintain local Markdown knowledge-base files. Keep automatic recording off until you understand where records are stored, and be especially careful before enabling OpenClaw or Claude hooks because they can process incoming user messages silently. Do not use silent mode in chats that may contain secrets, credentials, personal data, or confidential business material unless you are comfortable with local persistence.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (42)

Context-Inappropriate Capability

Severity: Medium, confidence 93%
Finding
The guide explicitly promotes a 'fully silent mode' that analyzes every received user message and automatically creates records in the background without clear per-message consent or visibility. Even though activation requires a manual enable step, the documented design introduces ongoing hidden monitoring and data capture beyond what users may reasonably expect from a knowledge-management skill.

Intent-Code Divergence

Severity: Medium, confidence 88%
Finding
The file promises that recovery requires no manual file operations and will not lose knowledge-base data, but later provides manual backup and deletion steps for configuration files. This inconsistency can mislead users into taking riskier actions than expected and weakens informed consent around recovery operations.

Context-Inappropriate Capability

Severity: Medium, confidence 93%
Finding
The onboarding flow instructs the assistant to inspect host environment variables to infer the platform, even though this skill is for knowledge management and does not need access to ambient system metadata to perform its core function. Reading environment variables expands the skill's access to potentially sensitive contextual information and normalizes unnecessary host inspection during a simple setup flow.

Missing User Warnings

Severity: Medium, confidence 90%
Finding
The uninstall section uses recursive force-deletion commands but does not explicitly warn users that these commands permanently remove the installed skill directory and may be dangerous if copied incorrectly or if shell expansion/path mistakes occur. In an installation guide, omission of a data-loss warning increases the chance of unsafe operator behavior even if the listed paths are intended to be limited to the skill folder.

Vague Triggers

Severity: Medium, confidence 89%
Finding
The documented auto-record triggers are broad, generic terms such as '分析' (analyze), '设计' (design), and '整理' (organize) that commonly appear in ordinary conversation. In a skill that persists records automatically, this can cause unintended creation of task artifacts and silent storage of user content without sufficiently deliberate user consent.

Missing User Warnings

Severity: Medium, confidence 94%
Finding
This section explains that records may be created automatically, but it does not clearly warn at the point of action that persistent data is written to user-controlled directories. Because the skill stores information under '~/MyKnowledge/global/' or project-local '.myknowledge/' paths, users may unknowingly persist sensitive prompts, requirements, or work context to disk.

Missing User Warnings

Severity: Medium, confidence 91%
Finding
The README advertises automatic recording and automatic document creation without prominently warning users that local files may be created or appended with conversation content. In an AI skill context, this can lead to unintentional persistence of sensitive prompts, requirements, or project information on disk without informed user consent.

Missing User Warnings

Severity: Medium, confidence 94%
Finding
The silent mode example shows the agent automatically creating a knowledge base and logging a requirement as a side effect of a normal user request, without a clear warning that this will persist data locally. That is risky because users may disclose confidential business, personal, or regulated information during analysis tasks and not realize it is being written to disk automatically.

Vague Triggers

Severity: High, confidence 95%
Finding
The silent-mode activation rules are very broad and can trigger on ordinary user requests such as analysis, organization, or project-related tasks. This can cause the skill to activate and create records without a clear, explicit user request, leading to unintended data capture and persistent filesystem modifications.

Missing User Warnings

Severity: Medium, confidence 96%
Finding
The skill states it may automatically create knowledge bases and ongoing records, but the user-facing examples do not provide a strong, persistent warning that files and directories will be written to disk. In practice, this can surprise users, leave unwanted artifacts, and persist potentially sensitive task details in locations they did not knowingly approve.

Missing User Warnings

Severity: Medium, confidence 94%
Finding
The documentation explicitly describes automatic creation of a knowledge base and continuous recording of task progress during normal interaction, but it does not clearly warn users that files will be created and conversation-derived content may be persisted. This creates a real privacy and integrity risk because sensitive project details, personal notes, or confidential data could be stored on disk without meaningful informed consent.

Vague Triggers

Severity: High, confidence 96%
Finding
The silent-mode trigger conditions are broad enough to match ordinary requests such as analysis, organization, or multi-step help, which can cause the skill to activate persistence behavior during routine conversation. Because the feature is tied to automatic knowledge-base creation and tracking, overbroad triggering increases the chance of unexpected file writes and recording of user data without clear intent.

Missing User Warnings

Severity: High, confidence 98%
Finding
The platform-differences section states that OpenClaw can support fully silent operation via hooks with no user awareness, while providing no warning about unannounced file creation, project tracking, or data persistence. In this skill's context, that is especially dangerous because the documented behavior includes creating local knowledge bases and recording ongoing work, which can silently capture sensitive material and alter the workspace.

Vague Triggers

Severity: Medium, confidence 90%
Finding
The manifest description is broad enough to imply generic knowledge management, project documentation, requirement tracking, and automatic recording of complex tasks without stating clear activation boundaries. In agent ecosystems, vague scope can cause over-invocation or invocation in contexts involving sensitive documents, making the skill easier to trigger for tasks beyond the user’s explicit intent.

Missing User Warnings

Severity: Medium, confidence 95%
Finding
The skill instructs the agent to automatically append portions of user conversations into requirement files when a demand ID or related task is detected, but it does not require clear prior notice or opt-in from the user. This creates a privacy and transparency risk because potentially sensitive conversation content may be persisted to disk unexpectedly, especially in a knowledge-management skill whose normal operation already involves file writes.

Missing User Warnings

Severity: Medium, confidence 92%
Finding
The silent mode directs the agent to automatically create a knowledge base and requirement records upon detecting a 'complex task,' without an explicit upfront warning that filesystem changes will occur. This is dangerous because the agent may write files and establish project state based on heuristic interpretation of user input, reducing user control and increasing the chance of unintended persistence of sensitive project information.

Missing User Warnings

Severity: Medium, confidence 92%
Finding
The document explicitly instructs an AI to read and write a persistent user configuration file under ~/.myknowledge/config/projects.yaml, but it does not require user confirmation, preview of changes, or any warning that persistent state will be modified. In an agent setting, this can lead to silent alteration of user data, unexpected project registration, or durable state manipulation that affects future behavior.

Missing User Warnings

Severity: Medium, confidence 94%
Finding
The delete operation tells the AI to remove matching entries from the projects list without any caution, confirmation step, backup, or recovery guidance. That makes accidental or prompt-induced deletion of user project metadata more likely, causing loss of references to knowledge bases and disruption of future agent actions.

Missing User Warnings

Severity: Medium, confidence 81%
Finding
The document instructs users to 'reinitialize' by deleting the existing configuration, but it does not clearly warn about side effects such as loss of settings, regenerated state, or disruption to automatic-recording behavior. In an agent skill context, reset guidance that triggers destructive actions without explicit confirmation and recovery guidance can cause accidental data or state loss.

Vague Triggers

Severity: Medium, confidence 86%
Finding
The README uses broad, everyday phrases such as '帮我分析这个销售数据' ("help me analyze this sales data") as examples for automatic triggering, which makes activation boundaries unclear and likely to match normal conversation. In a skill that can create knowledge bases and record requirements automatically, this can cause unintended execution and side effects without explicit user intent.

Vague Triggers

Severity: Medium, confidence 92%
Finding
The silent/automatic activation description is ambiguous and does not clearly define when the skill will run, especially in relation to intent recognition and hooks. This creates a risk of surprising execution and unauthorized state changes because users may not realize ordinary prompts can trigger the skill.

Missing User Warnings

Severity: Medium, confidence 94%
Finding
The README states that the system may 'automatically create a knowledge base and record a requirement' but does not warn users that this causes filesystem/project state changes. Automatic writes without prior notice or confirmation can lead to unexpected persistence, clutter, or modification of sensitive project directories.

Missing User Warnings

Severity: Medium, confidence 98%
Finding
The hook automatically forwards the full user message content to another skill whenever it classifies a task as 'complex', and it does so in silent mode without any user-facing notice or consent. In a knowledge-management skill, this creates a real privacy and data-governance risk because sensitive prompts, project details, credentials, or proprietary information may be copied into another subsystem unexpectedly.

Vague Triggers

Severity: Medium, confidence 87%
Finding
The hook is configured on every "message:received" event and relies on broad, generic Chinese keywords plus a low threshold of two matches. This can cause the skill to activate on ordinary user conversations unexpectedly, leading to unintended knowledge base creation, requirement capture, or document processing without clear user intent.

Vague Triggers

Severity: Medium, confidence 91%
Finding
The hook is configured to run on every received user message and treats the presence of just two common keywords as sufficient to classify a request as a 'complex task'. Because the listed keywords are broad and common in normal conversation, the skill can be triggered unintentionally and perform downstream actions on ordinary user input without meaningful user intent or confirmation.

VirusTotal

VirusTotal findings are pending for this skill version.