ClawHub

Quick Capture

Security checks across malware telemetry and agentic risk

Overview

This skill writes local Markdown notes as advertised, with some accidental-capture risk from broad trigger phrases but no evidence of hidden, destructive, or exfiltrating behavior.

Install only if you want quick local note capture. Confirm the skill is placed in the intended note-vault layout, keep backups or version control for Inbox and Journal, and use Journal for raw notes when you do not want the agent to expand or restructure your text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill instructs the agent to invoke a Python script that writes notes into the user's note system, which implies file read/write capability, but the manifest declares no permissions. This creates a trust and review gap: operators cannot accurately assess the skill's side effects, and a broadly-triggered skill with hidden write access can modify local data unexpectedly.

Vague Triggers

High
Confidence
96% confidence
Finding
The trigger phrases are very broad, including common expressions like '记一下', '存一下', and references to inbox/journal, making accidental invocation likely during ordinary conversation. Because the skill performs persistent writes, ambiguous activation can cause unintended capture of sensitive or private user content into local notes without clear consent at that moment.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The default-routing rule says ambiguous requests like '记一下' or '存一下' should automatically write to Inbox and even '完善' the content, which increases the chance of misclassification and unwanted transformation of user input. This is dangerous because an imprecise utterance can trigger both persistence and content expansion, causing incorrect records, privacy leakage, or hallucinated additions in the note system.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal