ClawHub

Cloud

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only cloud storage guide; its cleanup advice can affect user data, but it is manual, visible, and on-topic.

Install is reasonable for general cloud-storage help. Before following cleanup steps, confirm important files are backed up elsewhere, remember that cloud deletions may sync to other devices and collaborators, and use restrictive sharing settings for private files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list contains broad, everyday phrases such as "share folder," "Dropbox issues," and "where are my files," which can match common user requests outside a narrowly scoped cloud-storage intent. This can cause unintended activation, routing users into the wrong skill and potentially exposing irrelevant guidance or interfering with more appropriate skills.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This section gives users destructive storage-cleanup actions, including deleting backups, message history, app data, and a 'nuclear option' affecting iCloud Photos, without clearly warning that these steps can permanently remove data or be hard to reverse. In a consumer file-storage skill, users may follow these steps quickly to free space and unintentionally lose important photos, backups, or messages.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The Dropbox, OneDrive, and general cleanup guidance tells users to permanently delete files and empty trash or recycle bins, but does not clearly state that these actions can destroy recoverable data. Because the skill's purpose is cloud storage management, users are especially likely to execute these instructions directly, increasing the chance of accidental permanent data loss.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal