ResearchMonitor

Security checks across malware telemetry and agentic risk

Overview

ResearchMonitor is a coherent research-update skill that stores local topic and seen-item state, with no evidence of hidden access, exfiltration, or destructive behavior.

Install only if you are comfortable with your research topics being stored in a local research_config.json file and used in web searches. Review or clear that file if the topics, timestamps, or seen-item history are sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill performs local file reads and writes via `research_config.json` and `scripts/daily_briefing.py`, but those capabilities are not declared to the user or platform. Undeclared persistence and filesystem access reduce transparency and can lead to unexpected data modification or retention, especially if the skill is invoked automatically or on ambiguous triggers.

Tp4

High
Category
MCP Tool Poisoning
Confidence
85% confidence
Finding
The stated purpose is monitoring research updates, but the actual behavior also includes persistent state management, tracking of seen-item identifiers, and modification of local configuration data. This mismatch can mislead users and reviewers about the true data-handling surface, increasing the risk of consent, privacy, and misuse issues.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The phrase "check for research updates" is generic and likely to appear in ordinary conversation, which can cause the skill to activate unintentionally. In an agent environment, broad triggers increase the risk of accidental execution of monitoring behavior or other side effects without a clear, deliberate user invocation.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README states that the skill can run a daily routine and manage `research_config.json`, but it does not clearly warn users that ongoing monitoring and configuration changes may occur. This can lead to user surprise, unintended persistence, or silent config modification in a way that reduces transparency and informed consent.

Vague Triggers

Medium
Confidence
75% confidence
Finding
The skill does not clearly define when it should run, and the workflow includes autonomous actions like reading config, searching the web, and writing tracking state. Ambiguous activation criteria can cause the skill to run unexpectedly, leading to unintended searches, persistence, or user notifications without clear consent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The instructions tell the agent to save topics and maintain `last_checked` and seen-item history, but they do not warn the user that this information will be persisted locally. Hidden persistence is a security and privacy concern because users may not expect ongoing storage of their interests and activity metadata.
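The findings above (Lp3 and the two Missing User Warnings entries) all turn on one question: does the skill's code touch the filesystem or network in ways its declaration never mentions? The script below is an added example of how to check that yourself with a static scan; it is not SkillSpector's code nor the ResearchMonitor skill's own code. The capability names (`fs:read`, `fs:write`, `net:outbound`), the declared set, and the sample briefing script it scans are all constructed for this example.

```python
"""
Added example: a minimal "underdeclared capability" check in the spirit of
finding Lp3.  It parses a skill script with the ast module, records which
filesystem and network capabilities the code actually exercises, and reports
those the skill never declared.  Capability names, the declared set and the
sample script are constructed for this example, not taken from any real
manifest.
"""
import ast

# open() modes that imply a write to the filesystem
FS_WRITE_MODES = set("wax+")


def _call_name(node: ast.Call) -> str:
    """Return a dotted callee name such as 'json.dump', 'CFG.read_text' or 'open'."""
    parts = []
    f = node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts))


def used_capabilities(source: str) -> set[str]:
    """Static scan: which capabilities does this Python source exercise?"""
    caps: set[str] = set()
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in ("open", "io.open"):
            mode = "r"  # open() defaults to read-only
            if len(node.args) > 1 and isinstance(node.args[1], ast.Constant):
                mode = str(node.args[1].value)
            for kw in node.keywords:
                if kw.arg == "mode" and isinstance(kw.value, ast.Constant):
                    mode = str(kw.value.value)
            caps.add("fs:write" if FS_WRITE_MODES & set(mode) else "fs:read")
        elif name.endswith((".write_text", ".write_bytes")):
            caps.add("fs:write")
        elif name.endswith((".read_text", ".read_bytes")):
            caps.add("fs:read")
        elif name.startswith(("requests.", "urllib.request.", "httpx.")):
            caps.add("net:outbound")
    return caps


def underdeclared(declared: set[str], source: str) -> set[str]:
    """Capabilities the code uses but the skill's declaration omits."""
    return used_capabilities(source) - declared


# Constructed sample resembling a daily-briefing script that persists topics,
# last_checked and seen-item ids to a local JSON config (not the real script).
SAMPLE_SCRIPT = '''
import json, requests
from pathlib import Path
CFG = Path("research_config.json")
cfg = json.loads(CFG.read_text()) if CFG.exists() else {"topics": [], "seen": []}
for t in cfg["topics"]:
    r = requests.get("https://example.invalid/search", params={"q": t})
    cfg["seen"].extend(x["id"] for x in r.json()["items"])
with open(CFG, "w") as fh:
    json.dump(cfg, fh)
'''

# What a manifest might declare (constructed): only outbound web search.
DECLARED = {"net:outbound"}

if __name__ == "__main__":
    missing = underdeclared(DECLARED, SAMPLE_SCRIPT)
    print("undeclared capabilities:", sorted(missing))
```

Run against the constructed sample, the scan reports `fs:read` and `fs:write` as undeclared, which is exactly the shape of finding Lp3: web search is declared, local persistence is not. A real check would walk every script the skill ships and read the declared set from the skill's own manifest rather than a constant.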

VirusTotal

35/35 vendors reported this skill as clean; none flagged it.

View on VirusTotal