ClawHub

Openweruh

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it can monitor and record screen activity without enough documented privacy controls.

Install only if you are comfortable with a skill analyzing active screen content. Before enabling it, confirm how screen events are turned on, whether silent mode is opt-in, what is stored, how long it is kept, and how to pause or delete observations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is explicitly designed to process screen captures delivered by webhook and proactively message the user, but it provides no user-facing notice, consent flow, or privacy guardrails for handling potentially sensitive on-screen content. Because screenshots can contain credentials, private messages, financial data, or health information, silent background analysis increases the risk of unexpected surveillance and accidental exposure or misuse of sensitive data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The examples normalize continuous observation of screen content and user activity patterns without any accompanying privacy notice, consent boundary, or data-minimization guidance. In a skill explicitly triggered by screen.context webhook events, this can encourage deployment of intrusive monitoring behavior and proactive nudging based on sensitive on-screen content, increasing privacy and compliance risk.

Missing User Warnings

High
Confidence
94% confidence
Finding
The silent mode explicitly describes background recording and end-of-day/session summarization while stating that no active notifications are generated from individual screen context events. In a screen-context processing skill, that creates meaningful privacy risk because users may be monitored and summarized without timely, clear notice or consent, increasing the chance of collecting sensitive on-screen information invisibly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal