Mindgraph

Security checks across malware telemetry and agentic risk

Overview

Mindgraph is a coherent local knowledge-graph skill, but it asks to be always active across all workspace Markdown, and its persistent file-creation behavior is under-scoped. Users should review both before installing.

Install only if you want a workspace-wide Markdown knowledge-graph convention. Treat MindSkill execution and learning as opt-in, review saved PROCESS.md files before reusing them, and avoid untrusted or path-like names until the learn command validates names as safe slugs.
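The name check the overview asks for, as an added example that is not the Mindgraph skill's own code: it assumes a hypothetical layout in which each learned MindSkill is persisted at skills/<name>/PROCESS.md, and accepts a name only if it is a bare lowercase slug that cannot leave that directory. The function names, the slug policy (lowercase letters, digits, single hyphens, at most 64 characters) and the sample names are assumptions made for this example.

```python
import re
from pathlib import Path

# Hypothetical slug policy for this example: lowercase letters and digits,
# single internal hyphens, no leading/trailing hyphen, at most 64 characters.
SLUG_RE = re.compile(r"^[a-z0-9]+(?:-[a-z0-9]+)*$")
MAX_SLUG_LEN = 64


def is_safe_slug(name: str) -> bool:
    """Return True only if name is a plain slug that cannot escape a directory.

    Path separators, dots, whitespace, NUL bytes, uppercase and non-ASCII
    characters all fail the regex, so '../x', '/etc/passwd' and 'Knockout Test'
    are rejected before any filesystem call is made.
    """
    if not name or len(name) > MAX_SLUG_LEN:
        return False
    return SLUG_RE.fullmatch(name) is not None


def process_file_path(skills_root: Path, name: str) -> Path:
    """Resolve skills_root/<slug>/PROCESS.md, refusing unsafe names and escapes."""
    if not is_safe_slug(name):
        raise ValueError(f"unsafe mindskill name: {name!r}")
    root = skills_root.resolve()
    target = (root / name / "PROCESS.md").resolve()
    # Defence in depth: even a valid slug must still land under skills_root,
    # which also catches a symlinked <slug> directory pointing elsewhere.
    if root not in target.parents:
        raise ValueError(f"path escapes skills root: {target}")
    return target


def name_is_accepted(skills_root: Path, name: str) -> bool:
    """Convenience wrapper: True if a PROCESS.md path would be created for name."""
    try:
        process_file_path(skills_root, name)
        return True
    except ValueError:
        return False


def save_process_file(skills_root: Path, name: str, content: str) -> Path:
    """Persist a learned process without silently overwriting an existing one.

    Mode 'x' fails with FileExistsError if PROCESS.md is already there, so a
    reviewed definition cannot be replaced by a later conversational trigger.
    """
    target = process_file_path(skills_root, name)
    target.parent.mkdir(parents=True, exist_ok=True)
    with open(target, "x", encoding="utf-8") as fh:
        fh.write(content)
    return target


if __name__ == "__main__":
    # Constructed sample names: a legitimate slug beside names that an
    # unvalidated learn command would happily turn into a file path.
    samples = [
        "knockout-test",
        "../../.ssh/authorized_keys",
        "/etc/passwd",
        "Knockout Test",
        "knockout--test",
        "-leading",
    ]
    for candidate in samples:
        verdict = "accept" if name_is_accepted(Path("skills"), candidate) else "reject"
        print(f"{verdict:6}  {candidate!r}")
```

The regex does the real work; the `root in target.parents` check is there so that the policy still holds if the slug rule is later relaxed or a symlink is planted under the skills directory.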

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: High
Confidence: 97%
Finding
The manifest description explicitly says to use this skill for ALL workspace file read/write activity and declares the skill 'always active,' creating a catch-all trigger that can hijack routine operations far outside a narrowly scoped knowledge-graph task. Overly broad auto-activation increases the chance the agent will perform unintended file modifications, invoke auxiliary scripts during normal work, or let this skill override more appropriate task-specific behaviors.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The examples for running a process are based on loose natural-language matching like 'run the knockout test on X' without validation, authorization, or scope constraints for what process is being executed and what files may be written. In a skill that can read process definitions and save results into the workspace, underspecified triggers can cause accidental execution of learned procedures or unintended writes based on ambiguous user phrasing.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The instruction to learn a new mindskill whenever a user 'describes a repeatable process' is vague enough to over-trigger on ordinary discussion, enabling the agent to create new skill structures and persist process definitions without a clear, intentional request. Because this changes workspace state and potentially creates reusable automation from conversational content, ambiguous learning triggers can produce unintended capabilities and durable prompt-injection surfaces in later runs.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The trigger phrases include very broad, common requests such as "Should I build X?" and "Validate this idea," which are likely to appear in ordinary conversation and can cause the skill to activate unintentionally. This is dangerous because unintended invocation can override user expectations, route the interaction into this framework when another tool was intended, and increase prompt-surface exposure to unrelated user content.

VirusTotal

66/66 vendors flagged this skill as clean.