Vesper

Security checks across malware telemetry and agentic risk

Overview

Vesper appears purpose-built for daily briefings, but it needs review because it automatically schedules recurring jobs, aggregates sensitive personal data, and can update its own files from GitHub without clear approval controls.

Install only if you are comfortable with Vesper reading cross-skill personal data, creating local briefing and journal records, and registering scheduled jobs. Review or disable the midnight self-update cron job, prefer manual updates from a pinned trusted version, and narrow invocation phrases before using it with sensitive calendar, message, financial, or travel data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence: 94%
Finding
The README states that initialization automatically creates files and registers recurring cron jobs, including a daily self-update, but does not clearly warn users about these persistent system modifications or the fact that code may be updated from an external source. This can lead to uninformed installation of a skill that establishes persistence and changes its own code over time, increasing operational and supply-chain risk.

Missing User Warnings

Medium
Confidence: 88%
Finding
The README declares use of external Calendar and Weather APIs but gives no privacy notice about what user or environment data may be transmitted to third parties. Because this skill aggregates personal schedule and contextual signals, omission of disclosure can cause sensitive data exposure without informed consent.

Missing User Warnings

Medium
Confidence: 93%
Finding
The template explicitly includes highly sensitive personal data categories: appointments, message summaries, financial portfolio values, tax/accountant communications, and visa status. If populated or sent to the wrong recipient, rendered in an insecure context, or generated without explicit consent and scoping, it could expose private life details, financial information, and account-linked metadata that materially increase privacy and security risk.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill requires writing persistent journals containing run metadata, commands, timestamps, model/runtime details, and hashes to a predictable path on disk, but the file provides no requirement to disclose this storage behavior to the user or obtain consent. This creates a privacy and transparency issue because users may unknowingly cause retention of operational data that could later be accessed, correlated, or exfiltrated by other local processes or administrators.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly lists several potentially sensitive data sources, including communication threads, financial logs, system artifacts, and journal entries, but provides no user-facing notice about what data may be accessed or how it will be used. In a signal-filtering skill, aggregating across these sources increases privacy risk because users may not realize the breadth of collection and inference being performed.

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger list contains broad, conversational phrases such as 'what's happening' and 'catch me up' that are likely to appear in ordinary user interactions. This increases the chance of accidental invocation, causing the skill to access aggregated system and journal data when the user did not explicitly intend to run this briefing function.

VirusTotal

64/64 vendors flagged this skill as clean.
