ClawHub

Creative Fiction Writer

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only adult writing skill; its only notable risk is that it saves generated erotic stories locally in a disclosed folder.

Install only if you are comfortable with completed adult stories being saved under ~/clawd/writing/erotic. On shared, synced, or backed-up machines, ask the agent not to save files or delete the saved files afterward.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill directs the agent to automatically write generated content to a local filesystem path unrelated to the core task of text generation. Any automatic write side effect can create privacy, data handling, and persistence risks, especially for sensitive NSFW content, because it stores user-provided or generated material without explicit consent.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill expands from content generation into local file management by instructing the agent to create directories and save files automatically. This broadens the agent's authority beyond the stated purpose and increases the chance of unintended local side effects, data retention, and misuse of filesystem capabilities.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documented automatic save behavior occurs without any warning, consent, or confirmation step. Silent persistence is particularly risky here because the content is erotic/NSFW and may expose sensitive user interests or prompts to anyone with access to the local machine or backups.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal