Context Preserver

Security checks across malware telemetry and agentic risk

Overview

This is a local context-snapshot tool whose persistence and export behavior are broadly disclosed and purpose-aligned, though users should treat its snapshots as private metadata.

Install if you want local context snapshots, but treat exported snapshots as private. They can include your working directory, username/home path, PATH, shell, platform, and process IDs. Turn automatic snapshots off for sensitive work and avoid sharing exports unless you have reviewed or redacted them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding
The documentation says snapshots contain only context metadata, but the example snapshot includes environment variables and process/session identifiers. This is dangerous because users may export or share snapshots believing them harmless, when they actually disclose system and account details that can aid fingerprinting, credential-path discovery, or privacy leakage.

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
The snapshot feature persists local environment details such as PATH, HOME, USER, SHELL, current working directory, and process metadata to disk. In a context-preservation tool, this can expose sensitive host information and operational context that may later be disclosed through export/show commands or other local compromise, and the captured fields are broader than necessary for the stated functionality.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The code automatically initializes and writes a persistent session-state file containing timestamps, task counters, and topic metadata without any user-facing notice or consent flow. In a context-preservation skill, silent persistence can expose behavioral metadata and create privacy risk, especially if users do not realize conversation context is being stored on disk.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
saveSession() performs repeated background writes of session state during normal operations, again without visible disclosure to the user. Recurrent silent writes increase the chance that sensitive usage patterns, topics, or activity timing are retained longer than expected and may be accessible to other local users or backup systems.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill creates snapshots automatically on task completion, topic switches, and timers, but only logs internal status messages rather than providing meaningful user-facing warning or consent about snapshot creation. Because this skill is specifically designed to preserve context, the automatic capture of potentially sensitive conversation state makes undisclosed persistence more dangerous, not less.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
Snapshot creation writes potentially sensitive local context data to persistent storage without any warning, consent prompt, or minimization. Because this skill is specifically designed to preserve and export context, silent persistence increases the chance of unintentionally storing confidential workstation paths, usernames, and runtime details that may later leak.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The export and show features can reveal previously stored context data, including environment and host metadata, without any privacy warning or access guard. This expands the impact of over-collection because sensitive information is not only stored but also easily disclosed to other locations or terminal logs.

VirusTotal

1/63 vendors flagged this skill as malicious, and 62/63 flagged it as clean.