Scout

Security checks across malware telemetry and agentic risk

Overview

Scout has a clear OSINT research purpose, but it installs a daily self-updater that can silently replace its own files, and it persists and shares research data in ways users should review before installing.

Install only if you are comfortable with Scout keeping local OSINT records, writing journals, sharing confirmed identity findings with Elephas/Chronicle, and registering a daily GitHub-based self-updater. Prefer disabling the cron job, using manual reviewed updates, and confirming or restricting the Elephas signal path before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill includes a self-update path that downloads a tarball from GitHub and recursively copies its contents over the local skill directory. This creates a software supply-chain and integrity risk: a compromised repository, maintainer account, branch, or network/tooling path could replace the skill with malicious code or altered instructions, and the update is not constrained by signature verification, pinning, or explicit user approval.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The README states that initialization automatically installs a daily cron job that pulls updates from GitHub, but it does not present this as a significant security-sensitive behavior requiring explicit opt-in. Scheduled code changes from a remote source create a supply-chain risk: if the upstream repository, release process, or transport path is compromised, the skill can change behavior without the user's awareness.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The workflow states that the skill stores requests, findings, sources, and decisions locally, but the user-facing description does not clearly warn that research runs will create and retain local files. For an OSINT skill handling person and organization data, silent persistence increases privacy, retention, and operator-surprise risk, especially on shared systems.

Missing User Warnings

High
Confidence
98% confidence
Finding
The self-update behavior says it runs silently and overwrites local files from a remote GitHub source, but it does not clearly warn users that invoking the command can replace the installed skill contents. Silent overwrite of executable/instructional assets materially increases the risk of unnoticed compromise and makes the self-modification behavior more dangerous in context.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill mandates persistent journal creation for every run, including a fixed storage path under the user's home directory, but provides no user-facing disclosure, consent flow, or retention guidance. This can silently create local records containing run metadata, commands, and reasoning summaries, which may expose sensitive operational or user data and violate privacy expectations.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill advertises broad trigger phrases such as 'who is', 'what do we know about', and 'update scout', which can easily match ordinary user requests outside the intended OSINT/background-research scope. This can cause unintended invocation of a skill that performs people/company investigation, increasing privacy risk, inappropriate data collection, and misrouting of benign queries into a surveillance-oriented workflow.

VirusTotal

63/63 vendors flagged this skill as clean.
