Source Library

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it automatically saves every shared link and related analysis into a persistent local library without clear confirmation or deletion controls.

Install only if you want your agent to keep a long-lived local record of links you share, including generated summaries, claims, quotes, tags, analysis, and context. Avoid sharing confidential or private URLs while it is active unless you intend them to be archived, and review or manually remove files under life/source when data should not be retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The skill description narrows the purpose to a source-saving knowledge base and says it should not be used for bookmark management or fetching without saving, but the command surface adds broader queue management, bulk import, synthesis, and stats features. This mismatch can cause the agent or user to invoke behaviors they did not meaningfully consent to, expanding persistence and processing beyond the stated scope.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README prominently states that every shared link is analyzed and filed into a persistent knowledge base, but it does not clearly warn users that shared content will be stored locally in workspace files. In an agent environment, silent persistence of potentially sensitive URLs, research topics, or private references can create privacy and data-retention risks, especially if users assume links are only being discussed transiently.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The automatic capture and saving behavior is described as seamless and default, but the README does not warn that this modifies the workspace by creating and updating files under life/source. In practice, automatic writes can surprise users, persist sensitive content, and interfere with workflows or repositories if the workspace is synced, version-controlled, or shared.

Vague Triggers

High
Confidence
96% confidence
Finding
Auto-triggering on any shared URL is overly broad and will inevitably capture benign, incidental, or sensitive links the user did not intend to store. In a persistent knowledge-base skill, that creates a strong risk of unintended collection and long-term retention of private material.

Vague Triggers

Medium
Confidence
88% confidence
Finding
Phrases like 'what have I read', 'conflicts', and 'connections' are broad enough to appear in normal conversation and may spuriously invoke the skill. Because the skill performs retrieval and persistence-oriented workflows, accidental invocation can expose prior stored content or prompt unnecessary storage actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs automatic saving of shared URLs but does not pair that with a clear warning that content, quotes, claims, and context will be stored persistently. Users may share links conversationally without realizing they are creating durable memory entries, which undermines informed consent.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill is designed to capture 'everything the user shares' and retain structured summaries, quotes, analyses, and cross-references. In context, that makes the retention risk more serious because the feature set is explicitly optimized for durable memory and correlation, increasing the chance that sensitive information is stored and later resurfaced.

Ssd 3

Medium
Confidence
96% confidence
Finding
The auto-triggered workflow saves detailed source records—including claims, analysis, and context—without explicit confirmation. That is dangerous because it converts transient chat content into persistent memory automatically, which can retain private research interests, work details, or sensitive notes without deliberate user action.

Ssd 3

Medium
Confidence
94% confidence
Finding
The required entry format and quality rules push the agent to store verbatim quotes, contextual rationale, and decisions made based on a source. Those fields can easily capture personal data, confidential business reasoning, or sensitive associations, making later leakage or overexposure more damaging than simple bookmark storage.

VirusTotal

56/56 vendors flagged this skill as clean.