Archive

Security checks across malware telemetry and agentic risk

Overview

This skill is a local archiving helper whose persistent storage and web fetching are disclosed and aligned with its purpose.

Install this only if you want saved items, full extracted text, metadata, preferences, and search/resurfacing history stored locally in ~/archive/. Avoid archiving secrets or sensitive private material unless you are comfortable with that persistent local copy, and use the opt-out language if you do not want proactive resurfacing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The template explicitly stores complete extracted text under 'Full Content' and also maintains detailed search and resurfacing history, which goes beyond a minimal archival snapshot and creates a durable repository of potentially sensitive content and behavioral metadata. If used on private or copyrighted material, this increases privacy, retention, and secondary-use risk because both the content itself and the user's interests/actions are preserved locally without any stated minimization or retention controls.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The 'User Preferences' section persists behavioral/profile fields such as resurfacing preferences, default tags, and 'ask_why: always', which are not strictly necessary for basic archiving and can reveal habits, workflows, or inferred interests over time. Persistent profiling is more sensitive in this skill because the archive also tracks projects, tags, searches, and resurfacing behavior, allowing a richer picture of the user than the archival purpose alone requires.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger phrases are broad enough to match ordinary conversational language like 'save this' or 'keep this,' which can cause the skill to activate when the user did not intend archival behavior. In this skill, unintended activation is more dangerous because the workflow includes fetching external content and storing user-provided text, metadata, and local file paths, creating privacy and consent risks.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs the agent to fetch external content and store local file references without any visible warning, consent check, or boundary on what may be retrieved and retained. In an archival skill, this materially increases risk because users may unknowingly cause collection of sensitive web content, transcripts, extracted text, or local file paths that persist beyond the immediate session.

Missing User Warnings

Medium
Confidence: 96%
Finding
The template instructs immediate creation of local archive files and directories, including memory and history files, without warning the user that content, metadata, and access/search history will be written persistently to disk. This is dangerous because users may assume ephemeral processing, while the skill actually establishes a durable local datastore that could expose sensitive research, browsing targets, or project context to other local users, backups, or later compromise.
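The findings above turn on the same three missing controls: no consent gate before a durable copy is written, no minimization of what is kept (full extracted text plus behavioral history), and no retention limit on the search/resurfacing log. The following Python is an added illustration of what those controls look like in a local archive writer; it is not the Archive skill's own code. The file layout under ~/archive/ (items/<sha256>.json and history.jsonl), the function names, and the secret-redaction patterns are assumptions, since the page only names the ~/archive/ directory.

```python
"""Consent-gated, minimizing local archive writer (added illustration, not the
Archive skill's code). Assumed layout under the archive root: items/<sha256>.json
for snapshots and history.jsonl for search/resurfacing events."""
import hashlib
import json
import re
import time
from pathlib import Path

# Secret-looking material that must never reach the persistent copy.
# Illustrative patterns only, not an exhaustive secret scanner.
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),  # AWS access key id
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----"),
    re.compile(r"(?i)\b(api[_-]?key|token|password|secret)\b\s*[:=]\s*\S+"),
]


def redact(text: str) -> str:
    """Replace secret-looking spans with a marker before anything is written."""
    for pat in SECRET_PATTERNS:
        text = pat.sub("[REDACTED]", text)
    return text


def minimal_snapshot(url: str, text: str, excerpt_chars: int = 500) -> dict:
    """Data minimization: keep a content hash and a bounded excerpt instead of
    the full extracted text."""
    clean = redact(text)
    return {
        "url": url,
        "sha256": hashlib.sha256(clean.encode("utf-8")).hexdigest(),
        "excerpt": clean[:excerpt_chars],
        "saved_at": int(time.time()),
    }


def archive(url: str, text: str, consent: bool, root: Path) -> Path:
    """Write a snapshot only after the user has explicitly confirmed a
    persistent local copy. Refusing is the default, so nothing is created
    on disk (not even the directory) until consent is given."""
    if not consent:
        raise PermissionError(
            f"Refusing to persist {url}: user has not confirmed a durable copy under {root}"
        )
    snap = minimal_snapshot(url, text)
    items = root / "items"
    items.mkdir(parents=True, exist_ok=True)
    out = items / f"{snap['sha256']}.json"
    out.write_text(json.dumps(snap, indent=2), encoding="utf-8")
    return out


def log_event(root: Path, kind: str, query: str) -> None:
    """Append one search/resurfacing event; prune_history bounds its lifetime."""
    root.mkdir(parents=True, exist_ok=True)
    with (root / "history.jsonl").open("a", encoding="utf-8") as fh:
        fh.write(json.dumps({"ts": int(time.time()), "kind": kind, "query": query}) + "\n")


def prune_history(root: Path, max_age_days: int = 30, now=None) -> int:
    """Retention control: drop history entries older than max_age_days.
    Returns the number of entries removed."""
    path = root / "history.jsonl"
    if not path.exists():
        return 0
    now = int(time.time()) if now is None else now
    cutoff = now - max_age_days * 86400
    kept, dropped = [], 0
    for line in path.read_text(encoding="utf-8").splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        if entry["ts"] >= cutoff:
            kept.append(line)
        else:
            dropped += 1
    path.write_text("".join(l + "\n" for l in kept), encoding="utf-8")
    return dropped


if __name__ == "__main__":
    import tempfile

    root = Path(tempfile.mkdtemp()) / "archive"
    # Constructed sample text containing two secret-shaped tokens.
    sample = "Meeting notes. api_key = sk-abc123 and AKIAABCDEFGHIJKLMNOP were pasted here."
    try:
        archive("https://example.invalid/page", sample, consent=False, root=root)
    except PermissionError as exc:
        print("blocked:", exc)
    print("wrote", archive("https://example.invalid/page", sample, consent=True, root=root))
```

The consent flag is the agent's responsibility to obtain with a visible prompt before calling archive(); the writer simply refuses without it. Redaction runs before hashing so the stored digest matches the stored excerpt, and prune_history is meant to run on every startup so the behavioral log never outlives the retention window.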

VirusTotal

66/66 vendors flagged this skill as clean.
