ClawHub
Back to skill

Security audit

Retrospective

Security checks across malware telemetry and agentic risk

Overview

The skill appears designed for retrospectives, but it can make persistent changes and create recurring automation from broad reflection prompts without clear opt-in controls.

Review before installing. Use it only if you want an agent to analyze your work history and save conclusions to local memory/files. Before allowing any scheduled retrospective, confirm exactly what cron job will be created, where outputs are written, and how to remove or disable it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases include very broad natural-language terms such as "reflect", "review my work", and "what went well", which can easily appear in ordinary conversation and cause unintended invocation. Because this skill performs side effects like reading memory, writing retrospective files, updating MEMORY.md, and potentially scheduling cron jobs, accidental activation can lead to unexpected state changes and privacy-sensitive analysis without clear user intent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to write files, update long-term memory, and create a recurring cron job, but it does not require an explicit user warning or confirmation before performing those persistent actions. This is dangerous because a user may invoke the skill expecting analysis only, while the skill silently modifies workspace state and establishes future autonomous execution.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.