agent-chronicle

Security checks across malware telemetry and agentic risk

Overview

This diary skill is mostly purpose-aligned, but it can send sensitive session history to a third-party API and persist personal notes more broadly than its controls imply.

Install only if you are comfortable with recent session logs and diary context being sent to SkillBoss API Hub. Review memory files for secrets before running generation, use --emit-task or --dry-run where possible, consider --no-persistent for sensitive days, and avoid broad trigger-based use unless you explicitly want diary generation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (15)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    f.write(title_content)

    try:
        result = subprocess.run([
            "pandoc",
            str(temp_md),
            "-o", str(output_path),
Confidence
89% confidence
Finding
result = subprocess.run([ "pandoc", str(temp_md), "-o", str(output_path), "--sandbox", "--pdf-engine=xelatex", "-V", "ma

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    f.write(content)

    try:
        result = subprocess.run([
            "pandoc",
            str(temp_md),
            "-o", str(output_path),
Confidence
86% confidence
Finding
result = subprocess.run([ "pandoc", str(temp_md), "-o", str(output_path), "--sandbox", "--standalone", "--metadata", "ti

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        if result.returncode != 0:
            # Try without xelatex
            result = subprocess.run([
                "pandoc",
                str(temp_md),
                "-o", str(output_path),
Confidence
91% confidence
Finding
result = subprocess.run([ "pandoc", str(temp_md), "-o", str(output_path), "--sandbox", ], capture_output=True, t

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The documentation claims diary entries are stored locally, but earlier sections explicitly state that session logs and diary-generation context are sent to SkillBoss API Hub for AI generation. This creates a misleading privacy representation that may cause users to disclose sensitive material under false assumptions about data locality.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger phrases include common terms like 'journal', 'quotes', 'curious', and 'decisions', which can match ordinary conversation and cause the skill to activate unexpectedly. In a skill that stores reflections and may invoke remote generation, accidental activation can lead to unintended collection or processing of sensitive user content.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The quick-start flow says the script gathers context from today's session logs and sends it to an external API, but it does not place a clear privacy warning or explicit consent gate at the point of use. Users may unknowingly transmit session contents, including sensitive prompts or personal information, to a third party.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list contains broad, everyday phrases such as "quotes," "curious," and "decisions" that are likely to appear in normal user interactions unrelated to this skill. In an agent ecosystem, this can cause unintended activation, unexpected access to skill behavior, and prompt-surface expansion that may interfere with other workflows or expose the skill in contexts where it was not explicitly requested.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script collects session logs, recent memory files, quotes, decisions, and relationship notes, then sends that aggregated context to an external API without any explicit consent prompt or prominent disclosure at runtime. In this skill context, those files are likely to contain sensitive personal, behavioral, and possibly confidential workspace data, which makes silent exfiltration materially risky.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The prompt tells the model to write 'as if no one else will read them' even though the diary is saved to disk, may be appended into daily memory, and may be reused in later prompts. That framing encourages disclosure of more intimate or sensitive material than users would reasonably expect, increasing privacy and retention risk.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The setup flow prompts the user to enable and populate diary sections that explicitly include sensitive personal and interpersonal content such as emotional state, frustrations, user quotes, interactions, and relationship notes, then persists that data to local files without a clear upfront privacy warning or retention notice. This can lead users to disclose sensitive information without understanding what will be stored, where it will be written, and how features like memory integration may replicate that data into additional files.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger list contains broad, everyday phrases such as "journal," "daily log," "write entry," "quotes," and "decisions," which are likely to appear in normal user conversations unrelated to this skill. This can cause unintended invocation, leading the agent to activate diary-generation behavior in inappropriate contexts and potentially expose or transform user content unexpectedly.

Ssd 3

Medium
Confidence
90% confidence
Finding
The skill is designed to persistently collect memorable quotes, interaction details, and relationship notes about the human, which can include personal or sensitive information. Long-term storage of this material increases privacy risk, especially if retained without minimization, expiration, or clear consent controls.

Ssd 3

Medium
Confidence
88% confidence
Finding
Encouraging the agent to record its subjective experience and memorable human interactions semantically nudges broad capture of user-provided content into persistent records. In context, this is risky because the documented use case centers on reflective summaries that may absorb sensitive conversational details beyond what is necessary.

Ssd 3

Medium
Confidence
92% confidence
Finding
Memory integration can append diary summaries or full diary content into broader daily logs, duplicating data derived from sessions and increasing exposure surface. Duplication makes sensitive information harder to manage, delete, or audit and can spread private content into more files than the user expects.

Ssd 3

Medium
Confidence
96% confidence
Finding
The prompt explicitly asks for notable interactions, memorable quotes, emotional states, decisions, and relationship notes derived from session logs, and later persists extracted sections into long-lived files. In this context, the skill amplifies and permanently stores sensitive personal and conversational data, creating substantial privacy exposure and data accumulation risk.

VirusTotal

No VirusTotal findings