ClawHub

成长伙伴 - Growth Partner

Security checks across malware telemetry and agentic risk

Overview

This skill is openly a productivity monitor, but it asks for recurring access to private chats, work groups, documents, calendars, and persistent local logs, so it needs careful review before use.

Install only if you are the intended Feishu user or have explicit authorization for the monitored workspace data. Before enabling the cron task, replace or verify the hard-coded user and chat IDs, narrow the sources and lookback windows, decide what may be stored in memory files, and define how those logs can be reviewed and deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill is explicitly designed to monitor all private chats, @mentions, whitelisted group chats, documents, and calendar events, but it provides no clear consent flow, privacy notice, data minimization boundaries, or disclosure to affected parties. This creates a real privacy and over-collection risk because a broad autonomous agent can ingest highly sensitive communications and work artifacts beyond what is necessary for a specific task.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow instructs the agent to update local memory files with insights and activity logs derived from communications, but it does not disclose that sensitive message content, summaries, and inferred context may be persisted on disk. Silent persistence increases the risk of secondary exposure through local compromise, backup systems, or later reuse outside the user's expectations.

Ssd 3

High
Confidence
98% confidence
Finding
The skill instructs comprehensive monitoring of private communications and work artifacts and then uses that information to generate proactive outputs. In context, this is dangerous because the agent is not limited to a user-initiated task; it performs ongoing surveillance-like collection across multiple sensitive systems, increasing the chance of privacy violations, oversharing, and leakage of confidential business information.

Ssd 3

High
Confidence
97% confidence
Finding
The workflow directs cross-source aggregation, historical tracing across weeks, private-message correlation, and persistence into memory files, which materially increases both sensitivity and blast radius of the collected data. Correlating disparate sources can reveal far more than any one source alone, including confidential strategy, personal schedules, interpersonal context, and inferred conclusions that may later leak or be misused.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal