fragments

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Memos note-taking and daily-log skill with privacy and persistence considerations, but its access and writes fit its stated purpose.

Install this only if you want an agent-integrated Memos workflow. Treat the Memos PAT like a password, prefer project-scoped MCP and hook installation when possible, and review previews, diffs, visibility, and deletion confirmations carefully before approving writes.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium
Confidence: 89%
Finding
The active trigger list includes very broad, common words such as "note," "comment," and multilingual generic terms like "记录" and "笔记," which can cause the skill to activate during ordinary conversation unrelated to memo management. In a skill with read/write access to a note system, unintended invocation can lead to unnecessary data retrieval, privacy exposure, or user confusion that increases the chance of accidental writes after a misleading prompt.

Vague Triggers

Medium
Confidence: 80%
Finding
The passive trigger "after agent completes a task, prompt user to record" is underspecified and can fire too often because "completes a task" and "meaningful work" are subjective. This creates a behavior-shaping risk where the agent repeatedly nudges users to log activity, which may annoy users, encourage disclosure of sensitive details, or cause accidental entry into the logging workflow.

Vague Triggers

Medium
Confidence: 97%
Finding
The empty matcher causes the Stop hook to fire for every task completion, regardless of context. In this skill, that means the agent will always inject a prompt to assess work performed and potentially retrieve and merge daily-log content, which creates an overly broad, implicit workflow trigger that can lead to unwanted data access, privacy leakage, and user-prompt fatigue across unrelated sessions.

Vague Triggers

Medium
Confidence: 86%
Finding
The hook is triggered on `session.idle` and then asks the agent to decide whether 'meaningful work' occurred based on vague criteria like tool calls or significant activity. This ambiguity can cause the hook to fire in unintended contexts, leading to unsolicited prompts, over-collection of work details, and accidental disclosure of sensitive session content into the memo system.

VirusTotal

65/65 vendors flagged this skill as clean.
