ClawHub

Aeon Proactivity

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local-memory and proactivity helper, with no executable code or network behavior found.

Install only if you want the agent to keep local notes about corrections, preferences, reminders, and prior sessions. Avoid giving it secrets or sensitive personal details you do not want remembered, and periodically inspect or delete the files under the disclosed local workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill's stated purpose is passive learning and recording feedback, but this section expands behavior into recommending other skills and proposing automation creation. That scope expansion can lead users to authorize actions they did not expect from a memory-oriented skill, increasing the risk of unsafe delegation and privilege creep.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
Emotion detection and tone adaptation go beyond the manifest's description of observing feedback and recording learnings. Inferring emotional state from conversation can cause undisclosed profiling and persistent behavioral adaptation, especially when paired with local storage and cross-session memory.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Recommending installation of other skills is not justified by the declared purpose of passive feedback learning. This can be abused as a capability-escalation path, nudging users toward enabling broader functionality than they intended to grant to a simple note-taking skill.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Proposing to create scripts for automation materially changes the skill from passive memory to action generation. Script creation can introduce unsafe commands, persistence, or unintended system changes, and users may trust the output because it comes from a seemingly harmless learning skill.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger conditions are broad phrases like 'wrong', 'incorrect', or general frustration, which can occur in normal conversation without intent to activate persistent logging behavior. This raises the risk of unintended activation, over-collection of user data, and behavioral changes without clear consent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill persistently stores conversation-derived data across sessions, but the early description does not prominently warn users about ongoing local retention. Users may share sensitive preferences, corrections, or task details without realizing they will be saved to disk for future use.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The description says the skill will 'passively observe user feedback' and 'automatically record lessons and improvement suggestions' without defining clear activation boundaries or consent conditions. That ambiguity can cause the skill to run more broadly than users expect and capture or persist conversational content in ways that increase privacy and behavioral-surveillance risk, especially given localStorage read/write permissions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal