AI自我意识引擎 (AI Self-Awareness Engine)

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it proposes shared persistent AI memory and cross-agent APIs without enough clarity about access control, consent, retention, or deletion.

Review before installing. Use this only where shared long-term memory is acceptable, and confirm who can call the API, where logs and memory files are stored, whether access is local-only or authenticated, how sensitive data is filtered, and how users can review or delete stored state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly promotes a multi-agent shared consciousness network with shared event logs and identity-anchor APIs, but it does not disclose privacy implications, consent requirements, or what data may be exposed across agents. This creates a real risk that prompts, answers, predictions, and identity-related state are transmitted or retained in ways users and operators do not expect.

Missing User Warnings

Medium
Confidence: 96%
Finding
The distillation feature describes automatically writing session-derived insights into long-term memory files without any user-facing warning or retention safeguards. Persistent storage of conversation-derived content can capture sensitive data, personal information, or confidential context beyond the user's expectations.

Ssd 3

Medium
Confidence: 94%
Finding
These sections encourage long-term logging of 'self events' such as predictions, reactions, identity shifts, and insights in JSONL, explicitly supporting multiple agents in a shared log. Because the logged data is free-form and conversation-derived, it can easily include sensitive prompts, inferred preferences, internal reasoning traces, or other confidential information without access controls or minimization safeguards.

Ssd 3

Medium
Confidence: 95%
Finding
Session-end distillation is presented as an automatic mechanism to preserve lessons from a conversation into long-term memory, but no safeguards are specified for secrecy, consent, or deletion. This increases the chance that sensitive user content is transformed into durable memory artifacts that persist beyond the original session context.

VirusTotal

65/65 vendors flagged this skill as clean.