ClawHub

Vibes: Culture you've live.

Security checks across malware telemetry and agentic risk

Overview

This is mostly a local culture-tracking skill, but it needs review because it can replace its own instructions from GitHub, proactively resurface personal/social notes, and suggest recurring background checks.

Install only if you are comfortable keeping personal culture notes, ratings, and social taste links in workspace files. Avoid enabling cron or heartbeat reminders unless you want recurring prompts over those notes, and do not let an agent update the skill by directly replacing SKILL.md from GitHub without manually reviewing the downloaded file and diff first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill is presented as a local markdown tracker, but it instructs the agent to fetch remote content from GitHub for updates and to search externally for cover images when enabled. Those outbound actions expand trust boundaries and create supply-chain and privacy risks because remote content could be malicious, changed unexpectedly, or cause unintended network access.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The integrations with Peeps and Haah direct the agent to write into other datasets and send outbound recommendation requests beyond the core local tracking purpose. This increases the blast radius of the skill by allowing cross-system data propagation and possible disclosure of preferences, relationships, and recommendations without strong consent boundaries.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The README explicitly encourages storing sensitive preference and relationship data such as taste profiles and shared affinities without any privacy warning, retention guidance, or handling precautions. In a personal-agent ecosystem, this kind of data can reveal intimate interests, social ties, and inferred beliefs, increasing the chance of unintended disclosure or misuse if other skills, prompts, or local users access it.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The activation guidance is broad enough that the skill may trigger during ordinary conversation about media, themes, or other people, causing the agent to search files or propose logging data without clear user intent. Over-broad triggers are dangerous in assistant systems because they can lead to unauthorized data access, unnecessary retention, and surprising behavior.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The description says to use the skill when logging new culture, finding favorites, or asking broad questions, but it lacks clear trigger constraints. In practice this can cause opportunistic activation on loosely related conversations, increasing the chance of unintended searches or writes to personal notes.

Ssd 3

Medium
Confidence
86% confidence
Finding
The skill encourages proactive surfacing of relevant vibes, linking tastes to specific people, and adding social context from conversation without strong consent or minimization rules. That creates a privacy risk because it normalizes storing and resurfacing relationship-linked preference data that may be sensitive or unexpected to the user or third parties.

Ssd 3

Medium
Confidence
82% confidence
Finding
The heartbeat workflow tells the agent to resurface prior activity, unfinished media, and shared-taste information on its own. Unsolicited resurfacing of personal history and social links can expose sensitive patterns at the wrong time or to the wrong audience, especially in shared environments.

Ssd 3

Medium
Confidence
90% confidence
Finding
The Peeps integration directs the agent to record other people's recommendations and build taste profiles tied to identifiable individuals. This is risky because it stores third-party preference data and relationship context without any visible consent model, retention policy, or access control guidance.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal