BrainRepo

Security checks across malware telemetry and agentic risk

Overview

BrainRepo is a disclosed local markdown knowledge-base skill, but users should supervise what it stores and syncs.

Install only if you want an agent-managed markdown repository at ~/Documents/brainrepo/. Do not store secrets or highly sensitive personal details casually, review changes before deletion or cleanup, and verify any Git remote is private and correct before allowing git push.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: High
Confidence: 96%
Finding:
The trigger phrases are broad enough to match ordinary conversation such as 'remember', 'note', or 'capture', which can cause the skill to activate when the user did not intend to persist information. In this skill's context, accidental activation is especially risky because it writes potentially sensitive content into a fixed local repository, creating privacy and integrity issues through unintended storage.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill instructs automatic onboarding that creates directories, files, and optionally initializes a git repository on first interaction without an explicit, informed user confirmation before modifying the filesystem. In this context, the fixed path and automatic behavior increase risk because a benign retrieval or note-related request could unexpectedly cause persistent local changes and versioning of sensitive data.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The skill explicitly encourages storing sensitive relationship and personal-life data in markdown files, including how someone was met, interaction logs, important dates, and health/medical information, but provides no guidance on consent, minimization, access controls, encryption, or retention. In the context of a Git-backed knowledge repository, this creates a realistic privacy and confidentiality risk because users may sync, back up, or accidentally publish highly sensitive data.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding:
The phrase "Save this: [content]" is a highly generic natural-language trigger that can appear in ordinary conversation, quoted text, or untrusted content. In a skill that automatically writes to a Git-backed knowledge repository, accidental activation could capture unintended data, create notes without user intent, or persist sensitive information and then propagate it via commit/push workflows.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding:
The workflow defines many broad conversational commands such as "New project," "Add person," "Save this link," and retrieval prompts without clear activation scoping. Because the skill operates on local files and encourages Git synchronization, ambiguous triggers increase the risk of unintended file creation, modification, data disclosure during retrieval, or prompt-injection-style command confusion from embedded content.

VirusTotal

64/64 vendors flagged this skill as clean.