ClawHub

Library

Security checks across malware telemetry and agentic risk

Overview

This is a coherent SansFiction library helper, but users should treat its read/write token and optional reminder as sensitive account access.

Install this only if you want OpenClaw to read and update your SansFiction library. Prefer entering the token through secure OpenClaw configuration or environment settings instead of pasting it into chat, revoke or rotate it if exposed, and specify your preferred reminder time and timezone before enabling the daily check-in.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The skill tells the agent to have the user paste a personal token into chat and then persist it in local configuration, which contradicts the stated handling precautions and increases secret exposure risk. Storing a long-lived read/write token in chat-accessible or broadly readable config can lead to account compromise if logs, transcripts, or local files are exposed.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Requesting that the user paste a personal token into chat is a genuine secret-handling weakness because chat transcripts may be retained, logged, or exposed to other tooling. The skill does not give a prominent warning about the sensitivity of the token or prioritize safer non-chat methods, making accidental credential disclosure more likely.

Natural-Language Policy Violations

Medium
Confidence
86% confidence
Finding
Hard-coding the reminder timezone to Europe/Warsaw without user opt-in can cause reminders to fire at unintended local times, which is a privacy and reliability issue rather than a direct compromise. In context, this matters because the skill schedules persistent automated actions, so incorrect locale assumptions can create confusing or unwanted behavior.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal