Aaron

Security checks across malware telemetry and agentic risk

Overview

This looks like a real dental scheduling helper, but it persistently stores sensitive dental, insurance, and location-related profile details without enough privacy controls.

Review before installing. Use this only if you are comfortable storing dental and insurance details in a local plaintext JSON file, and confirm how to delete the records and logs. Avoid entering insurance member or group numbers unless needed, and treat the built-in commute/location assumptions as sensitive and potentially inaccurate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill is explicitly persistent and documents file reads/writes to local storage, but it declares no permissions. That mismatch weakens containment and review because operators cannot accurately assess what data access the skill requires, especially given it stores medical and insurance-related information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill stores sensitive health and insurance data, including treatment history and member identifiers, in a local JSON file without any user-facing privacy notice, retention policy, or protection requirements. In a healthcare-adjacent context this is more dangerous because the data can reveal medical conditions, appointments, providers, and insurance details that could enable fraud or privacy harm if exposed.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill describes generating reminders using the user's current location and transit context, but provides no privacy warning or consent mechanism. Continuous or ad hoc location use materially increases sensitivity because it can reveal routines, home/work areas, and appointment attendance in addition to medical context.

Natural-Language Policy Violations

Low
Confidence
90% confidence
Finding
The skill hard-codes sensitive personal context about the user, including NYC commuting details and timezone, without any consent or configurability. In a persistent appointment-management skill, embedding user-specific location and routine data increases privacy exposure and can lead to incorrect or overly revealing reminders if the data is stale, shared, or viewed by others.

Natural-Language Policy Violations

Low
Confidence
87% confidence
Finding
The reminder logic assumes a fixed geography and transit route (A line, Howard Beach) for every reminder, which can reveal personal routine/location information and produce misleading guidance when the user's circumstances differ. Because this is a healthcare-adjacent scheduling skill, unnecessary disclosure of commute patterns alongside appointment data modestly increases privacy risk.

VirusTotal

66/66 vendors flagged this skill as clean.
