Ai Secretary Bundle

Security checks across malware telemetry and agentic risk

Overview

This looks like a coherent AI secretary bundle, but it asks users to run unreviewed external installation steps and grant sensitive email access with recurring automation.

Review carefully before installing. Do not run the external install.ps1 without inspecting it first. Review each dependency skill separately, use app-specific email credentials, require confirmation before sending or modifying email, and disable scheduled jobs until you understand exactly what data they access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence: 91%
Finding
The example trigger phrases are broad natural-language commands such as checking mail, news, reminders, and routines, which can easily overlap with ordinary user conversation. In an agent skill that can access email and perform actions, ambiguous invocation increases the risk of unintended activation, leading to accidental data access or task execution without clear user intent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README advertises mail access, reminders, and news retrieval but does not clearly disclose that the skill may read mailbox contents, contact external news sources, and process potentially sensitive user data. In a secretary-style skill, this omission is more dangerous because users may configure personal or executive email accounts, creating privacy, consent, and data-handling risks if network and access behavior are not made explicit.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill markets mailbox management, auto-classification, summaries, and scheduled sending, which inherently require access to sensitive email content and can trigger outbound actions on the user's behalf. Without explicit warnings, consent boundaries, or safeguards, users may unknowingly expose confidential communications or allow unintended automated messages to be sent.

Missing User Warnings

Medium
Confidence: 93%
Finding
The examples normalize autonomous behavior such as setting reminders and sending meeting agendas without showing user approval, confirmation prompts, or limits on who will receive communications. In a secretary-style assistant, this increases the risk of unauthorized calendar/task changes or accidental external communications that could expose sensitive business information or cause operational mistakes.

Vague Triggers

Medium
Confidence: 89%
Finding
The shortcut phrase "检查邮件" and example "检查新邮件" are common natural-language requests that can easily appear in ordinary conversation. In an assistant skill that performs email actions or reveals mailbox summaries, accidental activation could expose sensitive message metadata or trigger unintended workflow behavior.

Vague Triggers

Medium
Confidence: 86%
Finding
"开始我的一天" is a very broad phrase that overlaps with normal user conversation and routine planning language. Because this skill aggregates emails, tasks, and schedules, unintended triggering could surface private work information without the user deliberately invoking the assistant workflow.

Vague Triggers

Medium
Confidence: 87%
Finding
The phrases "结束今天的工作" and "结束今天" are generic conversational statements that may be said casually without intending to invoke the skill. If interpreted as commands, they could trigger status summaries, task transitions, or end-of-day actions that expose sensitive work data or alter reminders/tasks unexpectedly.

VirusTotal

63/63 vendors flagged this skill as clean.
