ClawHub

Temporal Knowledge Graph Synthesizer

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned, but it automatically processes private OpenClaw memory logs into persistent files and includes daily background processing without enough user control or scoping.

Install only if you are comfortable with all dated OpenClaw memory logs being parsed into persistent entity files. Avoid running cron_setup.sh unless you specifically want daily background processing, and review ~/.openclaw/workspace/memory/entities for sensitive names, projects, or relationships after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares no permissions, yet the manifest and embedded command behavior indicate it can read memory/log files and write graph outputs. This creates a transparency and consent problem: users and the platform may not realize the skill modifies local workspace state and processes potentially sensitive memory data.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The manifest frames the skill as an analysis tool, but the body states that invocation causes a background script to parse memories and update entity graphs automatically. This hidden side effect is risky because merely invoking or reading the skill can mutate local knowledge files without an explicit action or confirmation from the user.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The phrase 'When you are invoked' combined with automatic background processing is vague and broad, making it easier for the skill to trigger in contexts where the user only wants information retrieval. Overbroad activation increases the chance of unintended parsing of sensitive memory files and unexpected workspace modification.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill states that a background script will automatically parse memories and update graph files, but it provides no warning that user workspace data will be modified. In a memory-processing skill, this is more dangerous because the source material likely contains sensitive session history, and silent mutation can affect trust, privacy, and data integrity.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script silently registers a recurring background task that parses daily logs and memory files, which are likely to contain sensitive user and session data. Because there is no user-facing notice, consent flow, scope limitation, or disclosure of what data will be processed, the job creates a privacy and data-governance risk through unattended collection and analysis of sensitive information.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script reads all daily memory logs from a workspace directory, aggregates their full contents, and derives persistent entity files without any notice, consent gate, minimization, or sensitivity filtering. In a memory-processing skill, those logs are likely to contain personal, confidential, or workspace-sensitive information, so silently transforming and persisting extracted data increases privacy and data-retention risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The code unconditionally opens entity markdown files in write mode and replaces their contents, while also merging selected metadata from existing files. This can silently overwrite prior user edits or previously generated data, creating integrity and data-loss risks in a directory that appears to be part of persistent memory state.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal