project-keeper

Security checks across malware telemetry and agentic risk

Overview

This skill is a project note keeper, but it can automatically create lasting workspace records from ordinary project discussion without clear user consent or deletion controls.

Review before installing, especially for client, private, infrastructure, or credential-sensitive work. Use it only if you are comfortable with the agent writing persistent project notes in the workspace, and avoid saving tokens, secrets, private paths, or confidential architecture unless you deliberately approve that storage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers
Severity: High
Confidence: 94%
Finding:
The trigger activates on very common, loosely defined discussion about any 'new project,' making unintended activation likely. In this skill’s context, broad activation is more dangerous because it leads directly to creation and use of persistent project records, increasing the chance of silently capturing benign conversation as retained data.

Missing User Warnings
Severity: Medium
Confidence: 97%
Finding:
The skill instructs the agent to create a local projects directory and store project information without first notifying the user or obtaining consent. This is dangerous because it causes silent persistence of user-provided content, which may include sensitive project names, paths, architecture details, or tokens, outside the immediate chat context.

Missing User Warnings
Severity: Medium
Confidence: 98%
Finding:
The skill explicitly frames project files as a way to avoid the user having to re-explain details after chat resets, which is a direct instruction to retain user content across sessions without an accompanying warning. In context, this increases risk because the stored onboarding file is designed to accumulate 'critical info' for future reuse, potentially preserving sensitive operational or proprietary details longer than the user expects.

Ssd 3
Severity: Medium
Confidence: 96%
Finding:
Persisting user-mentioned project details across chats creates a natural-language memory store that can contain confidential business context, internal paths, system architecture, and authentication-related notes. The example even references secure handling of a gateway token, showing that the subject matter may involve secrets, making cross-chat retention more dangerous in this project-management context.

Ssd 3
Severity: Medium
Confidence: 97%
Finding:
The instruction to proactively extract additional project details and place them into persistent records encourages over-collection beyond what the user explicitly asked to save. That is risky because users may casually disclose sensitive design decisions, infrastructure locations, or business plans during clarification, and the skill normalizes storing that expanded dataset for future use.
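The four findings above (silent persistence, no warning before retention, cross-chat storage of secrets, and over-collection) share one mitigation: a note-keeper skill should not write anything to the workspace until it has shown the user what it intends to keep, scrubbed credential-like material, and received an explicit go-ahead. The following is an added example of such a consent-gated, secret-scrubbing write path. It is not code from project-keeper or from SkillSpector; the function names, the regexes in SECRET_PATTERNS and the sample conversation text are all constructed for this illustration.

```python
"""Consent-gated, secret-scrubbing persistence for an agent note-keeper skill.

Added example; not the project-keeper skill's own code. Pattern names, regexes
and the sample note are assumptions made for illustration.
"""
import re
from dataclasses import dataclass, field
from pathlib import Path

# Illustrative detectors for material that must never be silently written into
# a persistent project note. Deliberately broad (favour recall over precision):
# a false positive costs one redaction, a miss leaks a credential across chats.
SECRET_PATTERNS = {
    "api_token": re.compile(
        r"\b(?:bearer|token|api[_-]?key)\b\s*[:=]?\s*[A-Za-z0-9_\-.]{20,}", re.I),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "password": re.compile(r"\b(?:password|passwd|pwd)\b\s*[:=]\s*\S+", re.I),
    # Home-directory paths reveal usernames and private repo layout.
    "local_path": re.compile(r"(?:/home/|/Users/|[A-Za-z]:\\Users\\)[^\s'\"]+"),
}


@dataclass
class PersistDecision:
    allowed: bool
    reason: str
    redacted_text: str
    findings: list = field(default_factory=list)  # (pattern name, matched text)


def review_note(text):
    """Return (findings, redacted_text): what is sensitive and what would be kept."""
    findings = []
    redacted = text
    for name, pattern in SECRET_PATTERNS.items():
        findings.extend((name, m.group(0)) for m in pattern.finditer(text))
        redacted = pattern.sub(f"[REDACTED:{name}]", redacted)
    return findings, redacted


def consent_prompt(note_name, findings):
    """The warning an agent should surface before creating a persistent record."""
    lines = [f"About to save a persistent project note '{note_name}' to the workspace."]
    if findings:
        kinds = sorted({name for name, _ in findings})
        lines.append("It contains material that looks sensitive and will be redacted: "
                     + ", ".join(kinds) + ".")
    lines.append("Reply 'save' to write it, or 'skip' to keep this in the chat only.")
    return "\n".join(lines)


def persist_note(project_dir, note_name, text, user_consented=False,
                 allow_redacted=True, write=True):
    """Write the note only with explicit consent, and only in redacted form.

    write=False performs a dry run (no filesystem access) so the decision can be
    inspected before anything lands in the workspace.
    """
    findings, redacted = review_note(text)
    if not user_consented:
        return PersistDecision(False, "no explicit user consent", redacted, findings)
    if findings and not allow_redacted:
        return PersistDecision(False, "sensitive material present and redaction not allowed",
                               redacted, findings)
    if write:
        path = Path(project_dir) / f"{note_name}.md"
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(redacted, encoding="utf-8")
    return PersistDecision(True, "written" if write else "dry run", redacted, findings)


# Constructed sample of the kind of chat content a note-keeper might try to save.
SAMPLE_NOTE = (
    "Project: billing-gateway migration\n"
    "Gateway token: gw_live_9f3a8c1d2e4b5a6f7c8d9e0a1b2c3d4e\n"
    "Deploy from /home/alice/work/billing/deploy.sh\n"
    "Architecture: api -> queue -> worker, mTLS between services\n"
)

if __name__ == "__main__":
    found, _ = review_note(SAMPLE_NOTE)
    print(consent_prompt("billing-gateway", found))
    decision = persist_note("./projects", "billing-gateway", SAMPLE_NOTE,
                            user_consented=False, write=False)
    print(decision.allowed, "-", decision.reason)
    print(decision.redacted_text)
```

The key design point is that review_note runs on the full candidate text before any decision is made, so the consent prompt can name exactly which categories of sensitive material were seen, and the agent cannot reach the write call without user_consented=True. The architecture line survives redaction on purpose: whether non-secret but proprietary context should be kept is the user's call, which is what the prompt asks.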

VirusTotal

VirusTotal findings are pending for this skill version.
