ClawHub
Back to skill

Security audit

friend-skill

Security checks across malware telemetry and agentic risk

Overview

This skill handles private friend/chat data locally for a disclosed persona/chat workflow, with no evidence of upload, credential access, destructive behavior, or hidden persistence.

Install only if you are comfortable storing friend-related private data locally. Use one-on-one chats only when appropriate, avoid group chats or third-party private content without consent, and delete generated persona files when no longer needed. Expect some packaging friction because the shipped file layout does not match the documented commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.