Personal Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a simple local daily briefing skill that writes a small JSON briefing file and can be scheduled, with no evidence of hidden network access, credential use, or destructive behavior.

Before installing, review the small script, choose an output path you are comfortable storing locally, and only add the cron schedule if you want a briefing generated every day until you remove that schedule.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 88%
Finding: The skill advertises file-writing behavior via `--output daily_briefing.json` while the metadata shows no declared permissions. That creates a permission/transparency gap: users and the platform may not understand that local files containing personal routine data can be created, which weakens informed consent and review.

Vague Triggers

Medium
Confidence: 76%
Finding: The description uses very broad activation phrasing such as 'starting your day, planning tasks, or maintaining daily routines,' which could cause the skill to match generic productivity requests more often than users expect. This is primarily a scope/triggering risk rather than direct exploitation, but over-broad invocation can expose more user context to the skill than necessary.

Missing User Warnings

Low
Confidence: 84%
Finding: The markdown instructs users to save output to a file but does not warn that the file may persist personal schedule, habits, reflections, or location-related routine data on disk. In a personal-assistant context this makes the issue more relevant because the generated content is inherently personal, even if not highly sensitive by default.

VirusTotal

65/65 vendors flagged this skill as clean.
