ClawHub

librarian

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only librarian skill that fetches user-provided content and saves structured local notes, with the main risks disclosed and aligned with its purpose.

Install only if you want shared library notes created in your workspace from links or files you provide. Avoid using it on confidential files, private URLs, or sensitive X links unless you are comfortable with local persistence and, for X posts, use of the FxTwitter third-party service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill is configured to trigger on very broad phrases like any URL drop, 'save this', and similar language, which can cause unintended invocation in normal conversation. Because the skill performs external fetching and writes files into the workspace, accidental activation can lead to unexpected network access and unwanted persistence of user-provided content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The description says the skill will ingest and store content, but it does not clearly warn that it may fetch external URLs and write structured notes into the workspace automatically. Users may provide links or files without realizing that third-party requests will be made and local notes will be created, which creates consent, privacy, and data-handling risks.

External Transmission

Medium
Category
Data Exfiltration
Content
From the URL or file, determine:
- **YouTube** — fetch page title + description; note it needs transcript for deep analysis
- **Article / blog** — fetch with web_fetch
- **Tweet / X** — use FxTwitter API: `https://api.fxtwitter.com/{username}/status/{id}`
- **PDF** — use pdf tool
- **Image** — use image tool
- **Podcast / audio** — note URL + title, flag that transcript unavailable unless provided
Confidence
88% confidence
Finding
https://api.fxtwitter.com/

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal