Learnings Skill

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it stores user-directed learning notes in a MeiliSearch index, but users should treat that index as potentially containing sensitive workflow history.

Install only if you are comfortable keeping a persistent searchable history of mistakes, fixes, preferences, and selected memory-note content. Keep MEILI_HOST pointed at a trusted local or controlled MeiliSearch instance, protect the MEILI_KEY, review dry-run output before using --apply, and do not log tokens, passwords, private customer data, or raw command output that may contain secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium, 92% confidence
Finding: The README explicitly describes persistent logging of failures, corrections, patterns, and user preferences, but provides no guidance on excluding secrets, personal data, credentials, or sensitive system details. In a learning/logging skill, these categories can easily capture command output, prompts, tokens, file paths, and behavioral data, creating a privacy and data-retention risk if stored or indexed without minimization or redaction.

Missing User Warnings

Medium, 92% confidence
Finding: The skill persistently stores user corrections, failures, and preferences in a MeiliSearch index and generated files, but the top-level description does not clearly warn users about this retention behavior. That creates a privacy and consent risk because users may reveal sensitive behavioral data or workflow details without understanding they will be logged for future recall.

Missing User Warnings

Medium, 91% confidence
Finding: When run with --apply, the script automatically extracts content from recent memory notes and sends that content to MeiliSearch using a bearer token, with only a generic flag as user consent. Because the extracted text is heuristic-based and the sensitive-data filter is incomplete, private or security-relevant note content can be exfiltrated to a remote service without meaningful review or confirmation.

Missing User Warnings

Medium, 90% confidence
Finding: The script transmits user-supplied learning content, context, and tags to a remote MeiliSearch service without any inline warning, confirmation, or sanitization policy. In a continuous-learning skill, users may submit sensitive failure details, prompts, tokens, or internal context, so silent exfiltration to a remote index materially increases privacy and data-handling risk.

VirusTotal

64/64 vendors flagged this skill as clean.