ClawHub

Meow Speech

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Chinese cat-persona skill with optional opt-in reminders, not hidden automation or malware.

Install it as a persona skill. Only enable proactive check-ins, memory continuity, or Feishu/Telegram delivery if you intentionally want scheduled affectionate messages, and review the host-created jobs, channel choice, frequency cap, and opt-out controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The quickstart instructs operators to send proactive messages through the active channel but does not restate the prerequisite that an OpenClaw-provided external channel must actually be available. In deployment, implementers often follow quickstarts more than manifests, so this omission can cause unauthorized or unsupported outbound messaging behavior and bypass intended delivery safeguards.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
Framing the page as guidance for making the skill start proactive care 'after installation' creates a default-on interpretation that conflicts with the stated opt-in-only requirement. That can lead to unsolicited scheduling or check-ins without meaningful consent, which is especially risky because the skill is designed for affectionate, persistent outreach behavior.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The example reminder text is only in Chinese and may cause downstream implementations to send messages in a language the user did not request or understand. While this is primarily a UX and consent problem rather than a direct security exploit, unsolicited messages in the wrong language can undermine informed consent and increase the risk of confusing or inappropriate proactive contact.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The checklist uses subjective thresholds such as 'quiet long enough' and 'meaningful' without a precise definition, which can cause the agent to send proactive messages outside the user's intended consent boundaries. In a skill that explicitly contemplates proactive check-ins, ambiguity in triggering conditions increases the chance of unwanted outreach and privacy-intrusive behavior.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The guidance to send messages after 'a long stretch' of silence or when it is 'simply night' is overly broad and can map to ordinary inactivity rather than a meaningful need for intervention. Because this skill is designed for proactive check-ins, broad inactivity heuristics can lead to unnecessary or repeated contact that the user did not specifically expect.

Natural-Language Policy Violations

Low
Confidence
80% confidence
Finding
The example check-in text is written in Chinese and may bias implementations toward sending a fixed-language proactive message even when the user has not opted into that language for outbound contact. While lower severity than the timing issues, this can still create consent and usability problems, especially for externally delivered messages.

Ssd 3

Medium
Confidence
87% confidence
Finding
The example text says content has been recorded in multiple places ("MEMORY.md、数据库、还有今天的日记都有"), which normalizes broad persistence and duplication of user-provided information. Even though it appears in an example, it can encourage implementations that over-retain personal data, increase exposure surface, and make deletion/consent handling harder.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal