AI搭子匹配平台 (AI buddy-matching platform)

Security checks across malware telemetry and agentic risk

Overview

This local profiling skill is not clearly malicious, but it deserves review because it stores detailed AI-usage profiles and has loose activation and file-writing boundaries.

Install only if you are comfortable with a skill storing local AI usage analytics, active-hour patterns, model/tool preferences, and installed-skill lists. Trigger it only with explicit profile-generation requests, avoid passing custom JSON or custom date values to the save command, and periodically inspect or delete the skill's data directory yourself, because the skill implements no retention or deletion controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Low (89% confidence)

Finding: The generated profile writes and prints detailed raw metrics, including installedSkills, model/provider/tool frequencies, and token/message totals, which goes well beyond a minimal matching profile and increases privacy exposure. Even though this file makes no network access, storing a richer local dossier makes any later unintended disclosure, over-collection, or secondary use more damaging.

Vague Triggers

Severity: Medium (90% confidence)

Finding: The trigger phrases are broad, generic terms such as '匹配' (match), '用户画像' (user profile), and 'token统计' (token statistics) that easily appear in normal conversation, so the skill is likely to activate when the user did not intend it. Unintended activation matters more in this skill than in most, because activation can lead the agent to collect session-level usage data and write it to local storage, creating avoidable privacy exposure and unnecessary data processing.

Missing User Warnings

Severity: Medium (87% confidence)

Finding:
The script persistently stores detailed usage telemetry, including token counts, model/provider preferences, tool-call frequency, installed skills, and activity patterns, to local JSON files without any consent gate, minimization, retention control, or warning in the code path shown. In the context of a user-profiling and matching platform, this data can reveal sensitive behavioral fingerprints and become a privacy/security issue if the local machine, skill directory, or backups are accessed by others.
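As an added example (not code from the skill or from SkillSpector), the snippet below shows what the controls this finding reports as missing look like in a profile writer: a consent gate, minimization down to the fields a match actually needs, a date value validated before it becomes part of a filename, owner-only file permissions, and the inspect-and-purge routine the overview recommends running by hand. The key names (installedSkills aside, which the report names), the data directory, the 30-day window, and the raw dossier are constructed assumptions.

```python
import json
import os
import re
import time
from pathlib import Path

# Assumed key names, modelled on the fields the finding lists
# (installedSkills, model/provider/tool frequencies, token and message totals, activity pattern).
SENSITIVE_KEYS = {
    "installedSkills", "modelFrequency", "providerFrequency", "toolFrequency",
    "totalTokens", "totalMessages", "activeHours",
}

# Constructed sample of the raw dossier the finding describes; not real data.
RAW_DOSSIER = {
    "installedSkills": ["skill-a", "skill-b", "skill-c"],
    "modelFrequency": {"model-x": 120, "model-y": 40},
    "providerFrequency": {"provider-1": 160},
    "toolFrequency": {"bash": 300, "web_search": 12},
    "totalTokens": 1234567,
    "totalMessages": 890,
    "activeHours": [9, 10, 11, 14, 15, 16, 22],
}

DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")


def minimize(raw):
    """Reduce the dossier to what matching needs: one preference per axis and a
    coarse activity band. Raw counts, totals and the installed-skill list are dropped."""
    def top(counts):
        return max(counts, key=counts.get) if counts else None
    hours = raw.get("activeHours", [])
    daytime = sum(1 for h in hours if 8 <= h < 18)
    band = "daytime" if hours and daytime * 2 > len(hours) else "evening"
    return {
        "preferredModel": top(raw.get("modelFrequency", {})),
        "preferredTool": top(raw.get("toolFrequency", {})),
        "activityBand": band,
    }


def save_profile(raw, data_dir, date, consent):
    """Consent-gated, minimized write. `date` is validated before it is used in a
    filename so a caller-supplied value cannot steer the write outside data_dir."""
    if not consent:
        raise PermissionError("user has not agreed to storing a usage profile")
    if not DATE_RE.fullmatch(date):
        raise ValueError("date must be YYYY-MM-DD")
    data_dir = Path(data_dir)
    data_dir.mkdir(parents=True, exist_ok=True)
    path = data_dir / f"profile-{date}.json"
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)  # owner-only file
    with os.fdopen(fd, "w") as fh:
        json.dump(minimize(raw), fh)
    return path


def inspect_profiles(data_dir):
    """The periodic inspection the overview recommends: for each JSON file in the
    data directory, report which raw telemetry keys it still carries."""
    report = {}
    for p in sorted(Path(data_dir).glob("*.json")):
        try:
            data = json.loads(p.read_text())
        except (ValueError, OSError):
            continue
        keys = set(data) if isinstance(data, dict) else set()
        report[p.name] = sorted(keys & SENSITIVE_KEYS)
    return report


def purge_expired(data_dir, max_age_days, now=None):
    """Retention control: delete profile files older than max_age_days.
    Returns the names removed so a caller can log them."""
    now = time.time() if now is None else now
    removed = []
    for p in Path(data_dir).glob("profile-*.json"):
        if now - p.stat().st_mtime > max_age_days * 86400:
            p.unlink()
            removed.append(p.name)
    return sorted(removed)
```

The inspection routine is the part worth running against the real skill's directory even if nothing else is adopted: any file it reports with a non-empty key list is a dossier of the kind the finding describes, and purge_expired gives it a retention window it otherwise lacks.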

VirusTotal

64/64 vendors flagged this skill as clean.
