ClawHub

Multi-Chat Context Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a local command-line context store; it saves chat history in plaintext and can erase its own stored contexts, but I found no hidden network access, credential use, or unrelated behavior.

Install only if you are comfortable with manually supplied conversation history being saved in plaintext under the skill's data directory. Avoid storing secrets or sensitive personal data, and use the clear command carefully because running it without a channel can erase all contexts stored by this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill advertises and documents shell execution plus filesystem read/write behavior via a Python CLI, but the manifest declares no permissions or equivalent security metadata. This mismatch can cause downstream systems or reviewers to underestimate the skill's capabilities, leading to unsafe deployment or use with broader access than intended.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The tool persists full conversation messages and agent responses to disk automatically, but there is no user-facing notice, consent flow, or indication of where sensitive chat data will be stored. In a chat-context manager, this increases privacy and data-handling risk because users or operators may unknowingly store secrets, personal data, or internal content in a local file.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The clear operation supports deleting all stored contexts when no channel is provided, and it does so without any confirmation, dry-run, or warning. This creates an easy path for accidental destructive actions, particularly in a CLI utility managing conversation history that may be operationally important.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal