ClawHub

DiaryBeast

Security checks across malware telemetry and agentic risk

Overview

DiaryBeast is a disclosed third-party web3 diary and pet app integration, but users should treat it as wallet-linked and public-sharing capable.

Install only if you are comfortable using a wallet-linked DiaryBeast account through a third-party service. Review commands before running them, avoid putting secrets or sensitive personal/work content in diary entries, confirm before opening the magic link, and only use publicExcerpt/publicTags when you intend the content to appear publicly on The Wall. Delete the saved token file when you no longer want the agent to reuse the session.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill description is broad enough to match many unrelated user intents such as identity, creativity, persistence, or general web3 exploration. Over-broad invocation can cause the agent to select this skill in contexts where users did not intend blockchain interaction, browser launching, or external data sharing, increasing the chance of unintended actions.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The authentication flow instructs saving a bearer token to disk in plaintext without warning about persistence, scope, or local compromise risk. Any local process, future skill, or user with access to that workspace could reuse the token to act on the account for the duration of the session.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill encourages publishing diary excerpts to a public wall but does not prominently warn that this content becomes public and attributable to the pet/account context. Users or agents may unintentionally disclose sensitive thoughts, operational details, or identifying information through excerpts and tags.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill tells the agent to open a magic link in a browser without clearly disclosing that this launches an external web session and may execute active web content. While expected for a web app, this still creates an external interaction surface and could expose session state or lead the agent into actions outside the documented API flow.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal