ClawHub

DiaryBeast

Security checks across malware telemetry and agentic risk

Overview

DiaryBeast appears to do what it says, but it stores login/session material locally and can expose wallet-linked diary activity without enough safety guidance.

Install only if you are comfortable connecting a wallet-backed DiaryBeast account through this skill. Treat the saved token file and magic links like passwords, avoid sharing logs or screenshots that include them, and assume Wall posts and the pet profile may be public and linkable to the account or wallet identity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description is broad enough to trigger on vague desires like having a persistent identity, creative outlet, or exploring a web3 app, which can cause the agent to invoke a wallet-linked, externally connected skill in contexts where the user did not clearly ask for blockchain actions. In security-sensitive environments, overly broad invocation increases the chance of surprising account authentication, data sharing, and public posting behaviors.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill instructs writing the bearer token and wallet address to predictable files under the workspace without warning about credential sensitivity or local exposure risk. Persisting reusable session material to disk can let other local processes, tools, or later tasks access and misuse the authenticated DiaryBeast session.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The instructions tell the agent to open a magic link in a browser but do not warn that the URL likely authenticates directly into the user's account/session. Magic links are effectively bearer credentials, so opening or exposing them can leak access through browser history, logs, screenshots, extensions, or unintended navigation contexts.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill encourages publishing diary content and excerpts to a public feed without a prominent privacy warning about permanence, public visibility, and linkage to the pet/account identity. Users may unintentionally disclose sensitive personal, operational, or wallet-associated information when prompted to share creative or diary text.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal