Item Management

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local item-inventory skill, but users should be careful with backup, restore, export, and path-disclosure features.

Install only if you are comfortable storing item names, prices, locations, notes, and dates in a local database and plain JSON backups. Treat exports and backups as private, avoid sharing terminal output from the info command if it includes personal paths, and make a fresh trusted backup before using full restore.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Low
Confidence: 80%
Finding
The info command reveals the database path, backup directory, and backup file metadata on the local filesystem. While only printed locally, exposing filesystem layout and file inventory can aid follow-on attacks, social engineering, or accidental disclosure when terminal output is shared, especially because this exceeds the core item-tracking need.

Vague Triggers

Medium
Confidence: 81%
Finding
Broad natural-language triggers can cause accidental invocation during ordinary conversation, leading to unintended listing, modification, backup, export, or deletion workflows. In this skill, that risk is amplified because the documented command set includes sensitive local-data actions such as delete, export, restore, and cloud-backup configuration.

Vague Triggers

Medium
Confidence: 80%
Finding
The skill advertises many generic trigger keywords such as item management, search, organize, and inventory-related phrases without clear activation boundaries. This increases the chance of accidental activation and unintended access to personal inventory data or initiation of write operations in response to ambiguous user speech.

Missing User Warnings

Medium
Confidence: 90%
Finding
Backup restore and merge operations can overwrite, duplicate, or corrupt a user's local inventory state if invoked incorrectly or with an untrusted file. The documentation mentions restore behavior but does not clearly warn about replacement semantics, provenance checks, rollback strategy, or mandatory confirmation before applying potentially destructive recovery actions.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill instructs reading and creating a cloud-backup config file containing provider, local path, backup timing, and related metadata, then displaying status to the user. Exposing or mishandling this information can leak sensitive filesystem locations, cloud destinations, and behavioral metadata that may aid profiling or further compromise, especially on shared systems or in logged conversations.

Missing User Warnings

Medium
Confidence: 74%
Finding
The backup command explicitly encourages uploading backups to cloud services, but gives no warning that backups may contain sensitive personal inventory data such as ownership patterns, locations, notes, and dates. In this skill context, backups are likely to contain intimate household or personal information, increasing the chance of unsafe disclosure through user behavior the tool nudges toward.

Missing User Warnings

High
Confidence: 95%
Finding
Restore can perform a full destructive replacement of existing data after only printing an informational message, with no explicit confirmation step. This makes accidental or coerced invocation highly damaging, because a user can irreversibly lose current inventory records, history, and associated metadata in a tool meant to preserve personal records.

Missing User Warnings

Medium
Confidence: 89%
Finding
In full-restore mode, the code deletes all existing history, subitems, and items before importing replacement data, with no safeguard in this function against accidental invocation or malformed backup content. In an agent setting, a mistaken or coerced call path could cause irreversible local data loss for the user's inventory records.

VirusTotal

66/66 vendors flagged this skill as clean.
