People Relationship Map

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed personal CRM skill that stores relationship notes locally and can optionally produce chat-friendly reminders, with privacy caveats but no hidden exfiltration or destructive behavior found.

Install only if you are comfortable keeping names, relationship links, notes, birthdays, and contact history in workspace files. Review captured entries, avoid storing secrets or highly sensitive third-party information, be careful with Obsidian/cloud sync, and enable WhatsApp/Telegram cron delivery only after confirming what will be sent and who can see that channel.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Description-Behavior Mismatch

Medium (91% confidence)
The skill is presented as using only local Markdown/JSON storage, but later instructs sending relationship digests to WhatsApp/Telegram. That creates a scope mismatch: sensitive social graph data may leave the local workspace without being disclosed in the primary description or manifest, increasing the risk of unintended external disclosure.

Missing User Warnings

Medium (90% confidence)
The README advertises automatic capture of people mentions from conversations, which implies collection of personal and relationship data without any visible notice about consent, scope, or review before storage. In a personal CRM skill, this is privacy-sensitive because the agent may persist third-party information that users did not intend to record, increasing the risk of unauthorized profiling or retention of sensitive data.

Missing User Warnings

Medium (87% confidence)
The storage section explains that relationship data is written to local Markdown and JSON files and can be synced into Obsidian-compatible tools, but it does not warn that these files may be backed up, shared, indexed, or synced to external services. Because the data concerns real people and their relationships, users may underestimate exposure and accidentally leak sensitive contact notes or social graph information beyond the intended local workspace.

Missing User Warnings

Medium (95% confidence)
The auto-capture section tells the agent to silently persist personal facts, interactions, and relationships from conversation. This is dangerous because users may mention sensitive third-party information casually without realizing it will be stored durably in files and graph indexes, creating privacy, consent, and retention risks.

Missing User Warnings

Medium (94% confidence)
Sending weekly relationship digests over WhatsApp/Telegram transmits sensitive contact history and social graph information through external channels, yet the documentation provides no clear warning or consent flow. That can expose private relationship data to third-party services, device notifications, backups, or anyone with access to the chat account.

Ssd 3

Medium (96% confidence)
The instructions explicitly encourage silent persistence of personal details mentioned in conversation, including meetings, birthdays, and interpersonal connections. In a personal CRM context this is especially sensitive because it builds a durable dossier about real people, potentially without informed consent from either the user or the third parties described.

Ssd 3

Medium (93% confidence)
The weekly digest instruction exports stored relationship data to external messaging channels, which extends exposure beyond the local workspace and into third-party ecosystems. Because the data includes contact recency and personal relationship context, compromise of the messaging account or notifications could leak sensitive behavioral and social information.

VirusTotal

64/64 vendors flagged this skill as clean.
