Learn & Reflect

Security checks across malware telemetry and agentic risk

Overview

This instruction-only learning skill is coherent, but it can automatically create persistent notes about user work without enough consent, scoping, or redaction guidance.

Install only if you want an agent to keep durable lesson and plan notes. Before using it, require explicit confirmation before any file or memory entry is created, choose the storage location yourself, and avoid saving secrets, credentials, private paths, customer data, or raw command output. Treat any suggested code, CI, or tooling changes as proposals that still need normal review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 92%
Finding:
The trigger conditions are overly broad: phrases like "record this" and automatic activation after a non-trivial task can cause the skill to run when the user did not explicitly consent to reflection or persistence. Because this skill is designed to capture and store session details, unintended invocation can lead directly to unnecessary data collection and note creation.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The manifest description includes ambiguous activation criteria such as "reflect on what happened" and "after completing a task that involved trial and error," which are common conversational patterns and may match many benign interactions. In a skill that encourages writing logs and lessons to persistent storage, ambiguous triggering increases the risk of surprise activation and unapproved retention of user or project data.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill directs the agent to create timestamped plan log files as part of normal operation, but it does not require a user-facing disclosure or consent step before writing persistent artifacts. This is dangerous because users may not realize that internal plans, task history, and context are being stored across sessions in durable files.

Ssd 3

Severity: Medium
Confidence: 93%
Finding:
The plan log section instructs the system to persist and later review prior session details, including goals, task history, drift, and outcomes. Without minimization and sensitivity filtering, this can accumulate and resurface confidential user data, internal project details, or operational context that was only needed temporarily.

Ssd 3

Severity: Medium
Confidence: 96%
Finding:
The recording guidance explicitly encourages capturing session actions, errors, file paths, commands, and project context. Those artifacts often contain sensitive information such as usernames, repository paths, hostnames, API endpoints, credentials in command lines, or confidential business context, so broad recording instructions can leak sensitive content into notes or memory.

VirusTotal

64/64 vendors flagged this skill as clean.