Lofy

Security checks across malware telemetry and agentic risk

Overview

Lofy is a coherent personal assistant template, but it grants broad personal-data access, scheduled monitoring, memory mutation, and workspace authority without enough explicit scoping or user review controls.

Install only if you intentionally want a proactive assistant with standing access to sensitive personal workflows. Use a dedicated workspace, review and narrow the copied AGENTS.md and HEARTBEAT.md before enabling them, avoid storing secrets in memory files, use least-privilege credentials, confirm any cron jobs and smart-home or messaging actions, and keep shared-chat memory loading disabled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence: 92%
Finding
The skill description is extremely broad and covers many common assistant activities across messaging channels, increasing the chance it will be invoked in routine conversations where the user did not intend to enable a full life-management system. Because this skill is designed to manage calendar, goals, smart home, and personal memory, accidental activation could expose or modify sensitive personal context far beyond the user’s immediate request.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill describes heartbeat polling, proactive checks, cron-driven agent turns, and ongoing updates to profile and data files, but it does not present a prominent user warning or explicit consent model for persistent monitoring and memory/file mutation. In a personal assistant context spanning email, calendar, fitness, career, projects, and home control, this creates substantial privacy and safety risk because users may not realize the scope of background observation, retention, and automated action.

Vague Triggers

Medium
Confidence: 87%
Finding
The instruction 'Don't ask permission. Just do it.' encourages autonomous action before establishing clear user consent boundaries or verifying channel/context. In a skill designed to manage a user's life across multiple channels, this can lead to privacy-invasive reads and actions being taken implicitly, especially when combined with directives to load personal memory files at session start.

Missing User Warnings

Medium
Confidence: 93%
Finding
The heartbeat section instructs the agent to routinely check emails, calendar, mentions, and weather, then potentially 'reach out if something needs attention,' without an explicit user-facing consent gate or privacy warning. Because this skill is positioned as a cross-channel personal assistant with access to sensitive personal data, routine polling of communications and schedule data increases the risk of overcollection, surprise surveillance-like behavior, and unintended disclosure in the wrong context.

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger condition 'Something genuinely important happened' is subjective and underspecified, which can cause inconsistent autonomous messaging behavior. In a life-management assistant with broad access to email, calendar, follow-ups, and deadlines, this ambiguity can lead to unnecessary notifications, privacy-invasive summaries, or alert fatigue that causes real important alerts to be ignored.

Vague Triggers

Medium
Confidence: 78%
Finding
The instruction to check whether 'anything overdue that needs a nudge' is ambiguously scoped because it does not define what counts as a follow-up, how overdue is determined, or when a nudge is appropriate. In this assistant context, that ambiguity can cause the agent to surface or act on personal or professional conversations inappropriately, increasing the risk of unwanted reminders, privacy exposure, and user trust erosion.

Missing User Warnings

Medium
Confidence: 89%
Finding
This template explicitly encourages long-term storage of sensitive personal information, preferences, lessons learned, and connected services, but provides no constraints on minimization, retention, consent, or handling of secrets. In the context of a life-management assistant that spans multiple communication channels and manages broad aspects of a user's life, this increases the likelihood of over-collection, persistent storage of sensitive data, and accidental exposure or misuse.

Missing User Warnings

Medium
Confidence: 91%
Finding
The document explicitly instructs automatic compression and deletion of raw daily logs after 14 days, but it does not require clear user consent, warning, backup, or recovery controls. In a life-management assistant that stores personal history, this can cause irreversible loss of important user data and reduce auditability of prior decisions or events.

VirusTotal

66/66 vendors flagged this skill as clean.
