ClawHub

Personal Hygiene

Security checks across malware telemetry and agentic risk

Overview

This is a simple personal hygiene tracking skill that stores relevant notes in one local workspace file, with no evidence of code execution, network access, credential use, or data exfiltration.

Install only if you are comfortable having grooming routines, dental visit timing, product lists, and similar personal care details saved in `knowledge/personal/hygiene.md`. Review or delete that file if the workspace is shared, backed up, or no longer needs this information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly states that personal hygiene data is stored in the agent workspace, but it does not warn users that sensitive lifestyle and health-adjacent information may persist on disk. In this skill's context, the data includes routines, dental visits, grooming history, and product purchases, which can expose private behavioral information if the workspace is shared, backed up, or accessed by other tools.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list is very broad and includes common words like 'skin', 'teeth', 'shower', 'cream', and 'personal care', which can cause the skill to activate in unrelated conversations. Unintended activation is risky because this skill is instructed to read and update a personal knowledge file, increasing the chance of inappropriate handling or modification of user data outside the intended context.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to update `knowledge/personal/hygiene.md` whenever the user mentions new information, but it does not require notifying the user or obtaining confirmation before modifying stored records. This can lead to silent persistence of sensitive personal-health-adjacent data, accidental corruption of records, or retention of information the user did not expect to be saved.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal