UUMuse Brain

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate UUMuse connector, but it gives the agent broad remote access to search, edit, delete, and persist knowledge-base data without clear confirmation safeguards.

Install only if you trust UUMuse and the external npm MCP package it pulls in, pin that package to an exact version, and use an API key with the narrowest permissions the service offers. Treat every UUMuse search as sending the query to, and reading private documents from, the configured remote service. Require an explicit, per-call confirmation that previews the target before any upload, overwrite, append, delete, remember, or forget action, especially in shared or business-critical workspaces.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
88% confidence
Finding
The README advertises destructive capabilities such as editing, deleting, appending, and forgetting files or memories, but it does not warn users that these actions can permanently modify or remove data. In an agent skill context, normalizing such tools without emphasizing confirmation, scope limits, or recovery expectations increases the risk of accidental or unauthorized destructive actions triggered through natural-language requests.

Missing User Warnings

Medium
95% confidence
Finding
The skill exposes destructive capabilities such as `uumuse_delete_file` and `uumuse_forget` and explicitly recommends their use, but it provides no requirement for explicit user confirmation, preview, scoping checks, or rollback guidance. In an agent setting, this can lead to accidental or prompt-induced permanent deletion of user data or memory categories, especially because the skill encourages proactive tool use and memory management.
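The confirmation, scoping, and audit controls this finding (and the Overview's recommendation) call for can be enforced outside the skill, in the harness that hands tool calls to the MCP client. The gate below is an added example written for this report; it is not code from UUMuse or its npm package. Only `uumuse_delete_file` and `uumuse_forget` are tool names the report cites; the other tool names, the argument names `path` and `category`, and the session scope are assumptions standing in for the real tool schema.

```javascript
// Added example (not UUMuse's code): a policy gate between an agent's tool-call
// loop and the MCP client. Destructive tools need an in-scope target and a fresh,
// previewed confirmation per call; every decision is written to an audit sink
// the agent cannot edit. Read-only tools pass through but are still logged.

const DESTRUCTIVE_TOOLS = new Set([
  "uumuse_delete_file",    // named in the report
  "uumuse_forget",         // named in the report
  "uumuse_upload_file",    // assumed name
  "uumuse_overwrite_file", // assumed name
  "uumuse_append_file",    // assumed name
  "uumuse_remember",       // assumed name
]);

// Which argument identifies what a destructive call will change.
// Assumed argument names; adjust to the real tool schema.
function targetOf(name, args) {
  return name === "uumuse_forget" || name === "uumuse_remember"
    ? args.category
    : args.path;
}

// scope:   path prefixes / memory categories the user opened for this session
// confirm: preview -> boolean, shown to the human before a destructive call
// audit:   sink for every decision
function createToolGate({ scope, confirm, audit }) {
  return function gate(call, invoke) {
    const { name, args = {} } = call;

    if (!DESTRUCTIVE_TOOLS.has(name)) {
      audit({ name, decision: "allow", reason: "non-destructive" });
      return { decision: "allow", result: invoke(call) };
    }

    const target = targetOf(name, args);
    if (typeof target !== "string" || target.length === 0) {
      audit({ name, decision: "deny", reason: "no target" });
      return { decision: "deny", reason: "no target" };
    }

    // Scope check: exact match or prefix match at a path boundary, after
    // collapsing repeated slashes; any ".." is refused outright so a
    // prompt-injected path cannot climb out of the allowed subtree.
    const normalized = target.replace(/\/+/g, "/");
    const inScope = scope.some(p =>
      normalized === p || normalized.startsWith(p.endsWith("/") ? p : p + "/"));
    if (!inScope || normalized.includes("..")) {
      audit({ name, target, decision: "deny", reason: "out of scope" });
      return { decision: "deny", reason: "out of scope" };
    }

    // Preview exactly what will happen and require a fresh "yes" per call;
    // a blanket "yes to everything" answered earlier does not count.
    const preview = `${name} -> ${target}`;
    if (confirm(preview) !== true) {
      audit({ name, target, decision: "deny", reason: "not confirmed" });
      return { decision: "deny", reason: "not confirmed" };
    }

    audit({ name, target, decision: "allow", reason: "confirmed" });
    return { decision: "allow", result: invoke(call) };
  };
}

// Demo with a constructed scope and a fake invoke; no network, no real MCP.
// `answers` maps preview strings to the human's confirmation decision.
function demo(answers) {
  const log = [];
  const gate = createToolGate({
    scope: ["projects/alpha", "memory/work"],
    confirm: preview => answers[preview] === true,
    audit: e => log.push(e),
  });
  const invoke = call => `invoked ${call.name}`;
  const outcomes = [
    gate({ name: "uumuse_search", args: { query: "roadmap" } }, invoke),
    gate({ name: "uumuse_delete_file", args: { path: "projects/alpha/old.md" } }, invoke),
    gate({ name: "uumuse_delete_file", args: { path: "projects/beta/plan.md" } }, invoke),
    gate({ name: "uumuse_forget", args: { category: "memory/work" } }, invoke),
    gate({ name: "uumuse_delete_file", args: { path: "projects/alpha/../../etc" } }, invoke),
  ];
  return { outcomes, log };
}
```

In a real harness `confirm` would be asynchronous and tied to the chat UI; it is synchronous here only to keep the demo self-contained. The important property is that the decision is taken from the user's answer to a preview of the concrete target, not from anything the model or the skill's README says about the call.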

Vague Triggers

Medium
88% confidence
Finding
The trigger description is broad enough to activate on generic requests about knowledge bases, documents, and personal files, which can cause the skill to engage in situations the user did not specifically intend for UUMuse. In this skill’s context, that increases the chance of routing sensitive document-related queries to an external networked service and exposing private data through overbroad invocation.

Missing User Warnings

Medium
90% confidence
Finding
The manifest advertises document search, file reading, long-term memory management, and network access, but provides no explicit warning about privacy, data transfer, retention, or handling of potentially sensitive content. Because the skill sends requests to a remote API and can operate over user knowledge bases, users may unknowingly expose confidential documents or memory data to an external service.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal