Exec Gilles

Security checks across malware telemetry and agentic risk

Overview

This skill is an executive assistant, but it asks for broad ongoing access to private messages, files, calendars, and tasks without enough user-control boundaries.

Review before installing. Use this only if you intentionally want a highly proactive assistant with access to private communications and scheduling systems. Configure the narrowest possible account scopes, restrict scans to selected folders, labels, chats, and file types, require confirmation for deletes and external messages, and make sure retained logs can be inspected and deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

High
Confidence: 97%
Finding
The skill explicitly authorizes proactive scanning of Gmail, WhatsApp, Google Drive, and files, but does not require informed consent, scope limitation, or a clear privacy notice. Because these are highly sensitive personal and professional data sources, routine background access can expose private communications, confidential documents, and third-party data far beyond what is needed for the current task.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill directs the assistant to create, modify, and delete calendar events and tasks directly, yet it does not require confirmation for destructive or high-impact actions. This creates a real risk of accidental deletion, schedule corruption, or unauthorized changes that may affect the user's commitments and operations.

Missing User Warnings

High
Confidence: 96%
Finding
The skill mandates automatic task creation, calendar blocking, and drafting follow-up actions based on detected content in emails and messages without explicit per-action consent. Automated actions triggered from private communications can misinterpret context, expose sensitive metadata, or create unintended commitments and reminders from personal or confidential exchanges.

Ssd 3

High
Confidence: 98%
Finding
The skill requires broad retention and logging of tasks, ideas, engagements, decisions, emails, messages, and file-derived information as 'mémoire totale.' Persistent storage of sensitive communications and document content beyond immediate task execution increases the blast radius of compromise and may violate privacy expectations, retention limits, and data minimization principles.

Ssd 3

High
Confidence: 97%
Finding
The instruction to 'go fetch' information from Gmail, WhatsApp, and Drive frames private repositories as a default surveillance surface rather than an on-demand tool. In context, this is more dangerous because the skill is not merely summarizing user-provided inputs; it is directed to proactively mine sensitive personal and professional systems for hidden commitments and opportunities.

Ssd 3

High
Confidence: 98%
Finding
The interaction flow requires scanning and summarizing private emails and WhatsApp messages at the start of every conversation, creating continuous routine monitoring. This is especially risky because it normalizes repeated access to private communications, including third-party content, without fresh consent or necessity tied to the user's immediate request.

Ssd 4

Medium
Confidence: 84%
Finding
The skill establishes an escalating pattern of authority: from supportive assistant to an agent that monitors private accounts, acts unilaterally, and 'protects the user against himself.' While not overtly malicious, this trust-building framing can reduce user scrutiny and normalize excessive autonomy across highly sensitive systems, increasing the chance of overreach and abuse.

VirusTotal

65/65 vendors flagged this skill as clean.
