Knowledge Connector

Security checks across malware telemetry and agentic risk

Overview

The skill largely does what it claims, but it persists document-derived data locally and its generated HTML graph loads an unpinned third-party script, which creates privacy and supply-chain concerns.

Install only if you are comfortable with a local index of your imported notes being kept on disk. Import narrow directories rather than broad personal folders, set KC_DATA_DIR if you want a controlled storage location, and avoid opening generated HTML visualizations with sensitive graph data unless you accept the unpkg.com third-party script load.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The HTML visualization unconditionally loads a third-party script from unpkg.com at runtime. That creates a supply-chain and privacy risk: viewing a local knowledge graph can trigger external network access, leak usage metadata, and expose the page to malicious upstream script changes or CDN compromise.

Missing User Warnings

Medium
Confidence: 90%
Finding
The import flow reads user documents and persists extracted metadata including file paths, excerpts, source titles, content hashes, and concept excerpts into local JSON files. For a knowledge connector handling potentially sensitive notes and documents, storing this data without explicit disclosure, retention controls, or minimization can expose confidential information to other local users, backups, or later compromise of the host.

VirusTotal

65/65 vendors flagged this skill as clean.
