ClawHub

Daily Questions

Security checks across malware telemetry and agentic risk

Overview

This skill asks daily questions and persistently updates local profile files, which is sensitive but coherent with its stated self-improvement purpose.

Install only if you want your questionnaire answers stored in USER.md and SOUL.md and used to influence future agent behavior. Review those files occasionally, avoid sharing secrets in answers, and disable the routine if you do not want recurring profile updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The activation wording is broad enough to be invoked during setup, modification, or routine operation, which increases the chance the skill runs in ordinary contexts without a narrowly scoped user request. Because the skill reads and updates persistent profile/behavior files, accidental activation can cause unintended collection or modification of sensitive preference data.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill description explicitly says it will update USER.md and SOUL.md but does not warn the user that persistent personal-profile and agent-behavior files will be modified. This creates a transparency and consent problem: users may answer casual Telegram prompts without realizing their responses will be stored and used to shape future agent behavior.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The workflow instructs the agent to read USER.md and SOUL.md fully, identify gaps, and then update them after each round, yet it contains no privacy, retention, or persistence notice. In context, this is more concerning because the skill is designed as an automated cron-driven routine over Telegram, so repeated background collection can normalize silent profiling over time.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal