Training Swarm

Security checks across malware telemetry and agentic risk

Overview

This training assistant appears purpose-aligned overall, but it asks agents to create persistent local records and send WeChat reminders without clearly scoped permissions or user consent.

Review this skill before installing. Use it only if you are comfortable with it maintaining local training records under your home directory and potentially using WeChat-style push reminders. Ask the agent to confirm before creating files, tracking named learners, or sending any reminder externally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Scope Creep

Severity: High
Confidence: 99%
Finding
The skill explicitly instructs creation of directories and writes multiple persistent files under ~/.workbuddy/tasks even though the manifest declares only file-read permission. This creates a permission/behavior mismatch that can mislead users and enforcement systems, and it enables unintended persistence of potentially sensitive training data on the local filesystem.

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding
The manifest frames the skill as a training assistant, but the documented workflow includes local archival, task tracking, and persistent workspace management behaviors that materially expand its operational scope. This mismatch reduces transparency and can cause users to invoke the skill without understanding that it will maintain local state and records.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The when_to_use trigger text is broad enough to match common terms like training, quizzes, knowledge management, and reminders, increasing the chance of accidental invocation. Overbroad activation can cause the skill to run in contexts where users did not intend file handling, tracking, or reminder-related behavior.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The documented trigger words are generic everyday terms that overlap with normal conversation about learning, testing, or knowledge bases. This ambiguity increases the risk of unintended activation and downstream execution of persistence or notification workflows without clear user authorization.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill describes proactive WeChat push reminders for learning progress, reviews, and assessments without clearly explaining outbound messaging, data disclosure, consent, or retention. This can expose personal progress data or training status to external services and trigger notifications users did not knowingly authorize.

VirusTotal

63/63 vendors flagged this skill as clean.