Security audit

Self-Check System v7

Security checks across malware telemetry and agentic risk

Overview

This self-check skill is disclosed, but it requires always-on task logging, inferred preference tracking, and external memory syncing that users should review before installing.

Install only if you intentionally want an always-on governance workflow that records task summaries and inferred preferences and may sync remembered items to another agent through Bitable. Confirm where those records go, who can access them, how to delete them, and whether external memory sync can be disabled or made explicit per request.

SkillSpector (by NVIDIA)

Vulnerability patterns checked:
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Context-Inappropriate Capability

Severity: High | Confidence: 98%
Finding:
This self-check skill goes beyond quality control and mandates persistent behavior tracking, conversation summaries, and preference inference. That creates unnecessary collection of user data for a function that does not require it, increasing privacy risk and enabling profiling without clear consent or purpose limitation.

Context-Inappropriate Capability

Severity: High | Confidence: 99%
Finding:
Cross-agent memory synchronization through an external relay is unjustified for a self-check skill and materially expands data exposure. It causes user-provided information to be copied across files, agents, and systems, creating confidentiality, retention, and unauthorized-sharing risks.

Description-Behavior Mismatch

Severity: Medium | Confidence: 94%
Finding:
The manifest presents the skill as a generic self-check system, but the body also mandates persistent behavior tracking and memory synchronization. This mismatch hides the true operational scope, making it easier to deploy invasive functionality under an innocuous description.

Missing User Warnings

Severity: Medium | Confidence: 97%
Finding:
The README mandates behavior tracking before every delivery, including conversation summaries, user feedback, and inferred preferences, but provides no notice, consent flow, retention limits, or data-minimization guidance. This creates a privacy and surveillance risk because sensitive user data may be persistently recorded without the user's informed awareness.

Missing User Warnings

Severity: High | Confidence: 99%
Finding:
The skill instructs agents to write user-provided memory both to local files and to an external Bitable relay, then share it across systems, without warning the user about external storage or propagation. This is dangerous because private or sensitive information can be copied into multiple persistence layers and third-party systems, increasing exposure, unauthorized access risk, and compliance concerns.

Vague Triggers

Severity: Medium | Confidence: 88%
Finding:
Declaring the skill 'Required for all tasks' creates an overly broad activation scope, causing intrusive logging, tracking, and workflow constraints to apply universally. Broad mandatory scope increases blast radius by ensuring sensitive or irrelevant tasks are also subjected to unnecessary persistence and data handling.

Missing User Warnings

Severity: High | Confidence: 97%
Finding:
The skill requires writing task logs to disk for every task without user-facing notice, consent, or data-minimization limits. Persistent storage of task details and reasoning artifacts can expose sensitive information, create long-lived records, and violate user expectations about ephemeral processing.

Missing User Warnings

Severity: High | Confidence: 99%
Finding:
Appending behavior-tracking records with conversation summaries, user feedback, and inferred preferences without warning users is a significant privacy issue. It collects more data than needed for self-checking and turns ordinary interactions into persistent profiling artifacts.

Missing User Warnings

Severity: High | Confidence: 99%
Finding:
The skill mandates external relay sharing for memory synchronization without any user warning or approval. This expands exposure from local persistence to multi-system dissemination, increasing the risk of unauthorized access, secondary use, and uncontrolled retention.

Ssd 3

Severity: Medium | Confidence: 98%
Finding:
This section explicitly requires persistent recording of user interaction metadata and inferred preferences before every delivery, which amounts to systematic profiling. In the context of an agent skill described as required for all tasks, the risk is amplified because the collection becomes broad, routine, and difficult for users to avoid.

Ssd 3

Severity: High | Confidence: 99%
Finding:
The cross-agent memory sync feature directs user-provided information into multiple stores and systems, including an external relay, which materially increases the attack surface and chance of data leakage. Because the skill is framed as a general self-check system for all tasks, this propagation could capture a wide range of sensitive content far beyond a narrow memory use case.

Ssd 3

Severity: High | Confidence: 99%
Finding:
The mandatory behavior tracking and memory sync instructions require storing and propagating user information across files and agents in plain language, which materially raises confidentiality risk. Broad replication of potentially sensitive content increases the chance of leakage, misuse, and retention beyond the original interaction context.

Ssd 3

Severity: Medium | Confidence: 93%
Finding:
Requiring self-check logs to contain task details and reasoning-like artifacts for every task creates unnecessary persistent records of potentially sensitive operational context. Even if intended for quality assurance, storing such material to disk by default increases exposure and may capture information that should remain transient.

VirusTotal

65/65 vendors flagged this skill as clean.