Second Brain Router

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed personal knowledge-router that reads limited local wiki context and only writes back when explicitly asked, but its broad trigger wording could access personal notes more often than some users expect.

Install only if you want the agent to use a local second-brain/wiki workflow for broad thinking, writing, and decision prompts. Review or change the hardcoded vault paths, and be aware that local recall may read personal notes unless your agent asks for confirmation first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: High
Confidence: 94%
Finding: The skill description activates on extremely broad categories like knowledge, judgment, writing, learning, and long-term thinking, which overlap heavily with normal conversation. In practice this can cause the skill to trigger unexpectedly and initiate local wiki/context access for routine requests, expanding exposure of private local data and increasing the chance of unintended tool use.

Vague Triggers

Severity: High
Confidence: 92%
Finding: The 'anchor-worthy' classifier includes vague concepts such as understanding, reflection, decision, writing, output, review, and broad philosophical topics, making routing boundaries unclear. Because this classifier directly gates file reads and recall commands, ambiguous matching can cause unnecessary access to local knowledge stores for benign user prompts that did not clearly request it.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The skill instructs the agent to assume a local vault layout and even provides concrete filesystem paths, then later directs reading local files and recall sources without requiring an upfront warning or permission prompt. This creates a privacy and transparency issue because users may not realize that answering a question could access personal local notes, memory stores, or project files.

VirusTotal

57/57 vendors flagged this skill as clean.