AI Employee Collaboration Skill Pack

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent AI-workflow skill with disclosed local memory persistence, not evidence of malware or deception.

Install only if you are comfortable with the skill storing and reloading local memory about agent work. Review where its memory directory is created, avoid placing credentials or sensitive business data in retained notes, and periodically delete or archive stored memory if it is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4
  Severity: High
  Category: MCP Tool Poisoning
  Confidence: 88%
  Finding: The skill's documentation advertises collaboration and workflow automation, but the described implementation also includes local filesystem persistence, memory directories/files, CLI employee management, and template copying that are not clearly disclosed in the top-level purpose. This mismatch can cause users to authorize or run the skill without understanding that it writes and retains local data, increasing the risk of unintended data exposure, unsafe file operations, or over-privileged deployment.

Missing User Warnings
  Severity: Medium
  Confidence: 94%
  Finding: The README explicitly states that work records are automatically persisted in the `memory/` directory and reloaded on startup, but it does not warn users about retention, sensitive-data storage, access controls, or deletion practices. In a multi-agent collaboration system, those records may contain prompts, business data, credentials, or internal discussions, so undocumented persistence increases privacy and data-leakage risk.

Missing User Warnings
  Severity: Medium
  Confidence: 95%
  Finding: The skill explicitly promotes long-term persistent memory for AI employees but provides no warning about data retention, privacy implications, or handling of potentially sensitive business information. In a team-automation context, this is risky because stored memory may contain project details, internal reports, credentials, or personal data that users do not realize will be retained.

VirusTotal

64/64 vendors flagged this skill as clean.