org-cli

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it says, but users should review it because some write tools can target files beyond the declared org workspace and it encourages broad persistent note capture.

Install only if you want the agent to search and edit your org files and org-roam database. Use a dedicated org workspace, point ORG_CLI_BIN to a trusted org executable, avoid storing highly sensitive personal facts unless you explicitly want them retained, and be cautious with custom file targets until the plugin enforces that writes cannot escape the configured org directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly instructs the agent to run queries against the user's org files and org-roam knowledge base without clarification, including prompts like 'What do you know about Sarah?' and 'Search my notes for Y'. This can cause the agent to access and summarize potentially sensitive personal data without confirming scope, identity, or user intent, increasing the risk of over-broad disclosure from private notes.

Ssd 3

Medium
Confidence: 94%
Finding
The injected session instructions explicitly tell the agent to offer saving 'durable facts' such as preferences, dates, and relationships that arise in conversation, even when those facts are outside the user's immediate request. Although it says to confirm before writing, this broadens collection of personal data and nudges the agent toward secondary-use retention, increasing privacy risk and the chance of oversharing sensitive information into org/roam files.

VirusTotal

67/67 vendors flagged this skill as clean.